[Git][security-tracker-team/security-tracker][master] sane-backends: link upstream patches

Sylvain Beucler beuc at debian.org
Tue Aug 11 12:22:12 BST 2020



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f6e15fe by Sylvain Beucler at 2020-08-11T13:19:14+02:00
sane-backends: link upstream patches
CVE-2020-12861,CVE-2020-12862,CVE-2020-12863,CVE-2020-12864,CVE-2020-12865,CVE-2020-12866,CVE-2020-12867

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10847,6 +10847,7 @@ CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backe
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
 	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+	NOTE: https://gitlab.com/sane-project/backends/-/commit/fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 (1.0.30)
 CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...)
 	[experimental] - sane-backends 1.0.30-1~experimental1
 	- sane-backends <unfixed> (bug #961302)
@@ -10855,6 +10856,8 @@ CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read
 	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
+	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
 CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...)
 	[experimental] - sane-backends 1.0.30-1~experimental1
 	- sane-backends <unfixed> (bug #961302)
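Review bot: the second added NOTE under CVE-2020-12866 points at merge_requests/500, which is a moving target, unlike the pinned commit hash on the line above it. Once that merge request lands, replace the link with the resulting commit URL so the entry records exactly which change fixes the network code. Until then, the "(prospective network code fix)" label is the only signal that this is not a released fix.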
@@ -10863,6 +10866,7 @@ CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img
 	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+	NOTE: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967 (1.0.30)
 CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
 	[experimental] - sane-backends 1.0.30-1~experimental1
 	- sane-backends <unfixed> (bug #961302)
@@ -10871,6 +10875,8 @@ CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read
 	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
+	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
 CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
 	[experimental] - sane-backends 1.0.30-1~experimental1
 	- sane-backends <unfixed> (bug #961302)
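Review bot: the annotation "(1.0.30, disable unsupported network access)" on the first added NOTE under CVE-2020-12864 reads like a fix reference, but by its own wording the commit turns the feature off rather than correcting the read, and the next added line still lists the code fix as prospective. Consider wording it as a mitigation, e.g. "(1.0.30, mitigation: disables unsupported network access)", so that someone triaging the <unfixed> entry does not take this commit alone as the code fix.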
@@ -10879,6 +10885,7 @@ CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header
 	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+	NOTE: https://gitlab.com/sane-project/backends/-/commit/db9480b09ea807e52029f2334769a55d4b95e45b (1.0.30)
 CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
 	[experimental] - sane-backends 1.0.30-1~experimental1
 	- sane-backends <unfixed> (bug #961302)
@@ -10887,6 +10894,7 @@ CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary
 	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+	NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30)
 CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...)
 	[experimental] - sane-backends 1.0.30-1~experimental1
 	- sane-backends <unfixed> (bug #961302)
@@ -10895,6 +10903,8 @@ CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a m
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
 	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read
 	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
+	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
 CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...)
 	NOT-FOR-US: COVIDSafe
 CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...)
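Review bot: the two NOTE lines added under CVE-2020-12861 are the same pair already added under CVE-2020-12866 and CVE-2020-12864 in this patch, so any later update to them (for example when merge_requests/500 is merged) has to be made in three places. The commit message lists seven CVEs without saying that three of them share one commit and one open merge request; a short mention there would make the follow-up easier to find.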



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f6e15fe4cb2708d0084330ecd2e1cdc9f204473
