user/sane: multiple vulnerabilities
| Bugzilla ID | 294 |
| Alias(es) | CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-06-01 11:58:05 -0500 |
| Modified | 2020-07-08 15:02:59 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/sane |
| URL | https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=304 |
Description
epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
management issues found while addressing that CVEepsonds: addresses out-of-bound memory access issues to fix
CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
and disables network autodiscovery to mitigate CVE-2020-12866
(GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
(GHSL-2020-081). Note that this backend does not support network
scanners to begin with.magicolor: fixes a floating point exception and uninitialized data
read- fixes an overflow in
sanei_tcp_read()
Fixed in >= 1.0.30