Issue created Jun 01, 2020 by Emily (@emily) 🤖

user/sane: multiple vulnerabilities

Bugzilla ID 294
Alias(es) CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
Reporter Max Rees (sroracle)
Assignee Max Rees (sroracle)
Reported 2020-06-01 11:58:05 -0500
Modified 2020-07-08 15:02:59 -0500
Status RESOLVED FIXED
Version 1.0-RC1
Hardware Adélie Linux / All
Importance --- / normal
Package(s) user/sane
URL https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
See also https://bts.adelielinux.org/show_bug.cgi?id=304

Description

  • epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
    management issues found while addressing that CVE
  • epsonds: addresses out-of-bound memory access issues to fix
    CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
    addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
    and disables network autodiscovery to mitigate CVE-2020-12866
    (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
    (GHSL-2020-081). Note that this backend does not support network
    scanners to begin with.
  • magicolor: fixes a floating point exception and uninitialized data
    read
  • fixes an overflow in sanei_tcp_read()

Fixed in >= 1.0.30
