[sane-devel] CVE-2017-6318 (old: Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server)

Jörg Frings-Fürst debian at jff-webhosting.net
Mon Apr 17 19:57:03 UTC 2017


Debian is about to be released. Sane-backends do not have to contain
any serious errors.

I need your evaluation of the patch.

Many thanks


Am Samstag, den 25.02.2017, 21:20 +0100 schrieb Jörg Frings-Fürst:
> Hi,
> the bug[1] is now an security issue[2] and has a CVE-Number[3].
> I need your comment about the patch.
> CU
> Jörg
> [1]https://alioth.debian.org/tracker/index.php?func=detail&aid=315576&group_id=30186&atid=410366
> [2]https://security-tracker.debian.org/tracker/CVE-2017-6318
> [3]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6318
GPG Fingerprint: 63E0 075F C8D4 3ABB 35AB  30EE 09F8 9F3C 8CA1 D25D
GPG key (long) : 09F89F3C8CA1D25D
GPG Key        : 8CA1D25D
CAcert Key S/N : 0E:D4:56

Old pgp Key: BE581B6E (revoked since 2014-12-31).

Jörg Frings-Fürst
D-54470 Lieser

Threema: SYR8SJXB
Wire: @joergfringsfuerst

IRC: j_f-f at freenode.net
     j_f-f at oftc.net

My wish list: 
 - Please send me a picture from the nature at your home.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/sane-devel/attachments/20170417/535cf32f/attachment.sig>

More information about the sane-devel mailing list