[ubuntu/focal-security] sane-backends 1.0.29-0ubuntu5.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Aug 24 13:07:26 UTC 2020

sane-backends (1.0.29-0ubuntu5.1) focal-security; urgency=medium

  * SECURITY UPDATE: multiple issues in epsonds network discovery
    - debian/patches/CVE-2020-12861_12864_12866.patch: disable network
      autodiscovery in backend/epsonds.conf.in.
    - CVE-2020-12861
    - CVE-2020-12864
    - CVE-2020-12866
  * SECURITY UPDATE: out-of-bounds read in epsonds
    - debian/patches/CVE-2020-12862.patch: do not read beyond the end of
      the token in backend/epsonds-cmd.c.
    - CVE-2020-12862
  * SECURITY UPDATE: out-of-bounds read in epsonds
    - debian/patches/CVE-2020-12863.patch: read only up to seven hexdigits
      to determine payload size in backend/epsonds-cmd.c.
    - CVE-2020-12863
  * SECURITY UPDATE: heap buffer overflow in epsonds
    - debian/patches/CVE-2020-12865.patch: check for overflow when reading
      image data in backend/epsonds-cmd.c, backend/epsonds.c,
    - CVE-2020-12865
  * SECURITY UPDATE: NULL pointer dereference in epson2
    - debian/patches/CVE-2020-12867.patch: rewrite network I/O in
      backend/epson2_net.c, backend/epson2_net.h.
    - CVE-2020-12867

Date: 2020-08-21 15:52:17.298451+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list