Back to sane-backends PTS page

Accepted sane-backends 1.0.25-4.1+deb9u1 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted sane-backends 1.0.25-4.1+deb9u1 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 17 Aug 2020 21:00:14 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1k7mEo-0000Aa-L1@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Aug 2020 18:59:57 +0200
Source: sane-backends
Binary: sane-utils libsane-common libsane libsane-dev libsane-dbg
Architecture: source
Version: 1.0.25-4.1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Jörg Frings-Fürst <debian@jff-webhosting.net>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 libsane    - API library for scanners
 libsane-common - API library for scanners -- documentation and support files
 libsane-dbg - API development library for scanners [debug symbols]
 libsane-dev - API development library for scanners [development files]
 sane-utils - API library for scanners -- utilities
Changes:
 sane-backends (1.0.25-4.1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-12862: an out-of-bounds read in SANE Backends before 1.0.30
     may allow a malicious device connected to the same local network as
     the victim to read important information, such as the ASLR offsets of
     the program, aka GHSL-2020-082.
   * CVE-2020-12863: an out-of-bounds read in SANE Backends before 1.0.30
     may allow a malicious device connected to the same local network as
     the victim to read important information, such as the ASLR offsets of
     the program, aka GHSL-2020-083.
   * CVE-2020-12865: a heap buffer overflow in SANE Backends before 1.0.30
     may allow a malicious device connected to the same local network as
     the victim to execute arbitrary code, aka GHSL-2020-084.
   * CVE-2020-12867: a NULL pointer dereference in sanei_epson_net_read in
     SANE Backends before 1.0.30 allows a malicious device connected to the
     same local network as the victim to cause a denial of service, aka
     GHSL-2020-075.
   * Fix debian/tests/start-net.
Checksums-Sha1:
 2ccb7e59a72f9b10d31bd0ec04c724078460d627 2174 sane-backends_1.0.25-4.1+deb9u1.dsc
 05824922d91571e1fc2f5cdd270745783d593754 5955016 sane-backends_1.0.25.orig.tar.gz
 097ca36c6ee57c2be76d309e8c82a39bfad3d58b 114952 sane-backends_1.0.25-4.1+deb9u1.debian.tar.xz
 c93478b7c97df42f9058a3547c0eb85a653cb0b8 10763 sane-backends_1.0.25-4.1+deb9u1_amd64.buildinfo
Checksums-Sha256:
 364e6afb70351c60a6ac5f444315751c2bd08724b02472cd48779ae70e1c8a5f 2174 sane-backends_1.0.25-4.1+deb9u1.dsc
 a4d7ba8d62b2dea702ce76be85699940992daf3f44823ddc128812da33dc6e2c 5955016 sane-backends_1.0.25.orig.tar.gz
 5157d076efe8ae6dd670a2a33a8e3dee0da45b1e766af0491c5d948fd7665523 114952 sane-backends_1.0.25-4.1+deb9u1.debian.tar.xz
 bb8a589d11fcbbd6bb3369c4e096cd953934e71e91fbbd3c7e2a30b8ecc149a1 10763 sane-backends_1.0.25-4.1+deb9u1_amd64.buildinfo
Files:
 e16c591719311a7cb3f65e1b45ea81dd 2174 graphics optional sane-backends_1.0.25-4.1+deb9u1.dsc
 f9ed5405b3c12f07c6ca51ee60225fe7 5955016 graphics optional sane-backends_1.0.25.orig.tar.gz
 124d89647c57b41486120177edd73c6d 114952 graphics optional sane-backends_1.0.25-4.1+deb9u1.debian.tar.xz
 1ca3ca728ffc2c37d471ebcc31cecc53 10763 graphics optional sane-backends_1.0.25-4.1+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl86644ACgkQj/HLbo2J
BZ+HiQf9GUYc5UfQ1dT1qxPQRBahK4jWGVAm0w2ZBCSD3dNLi1mGz9s+Gmonh3Te
LiG7AYp/XmaDpywiHHQbJ3g0BXCYJ2yI5DFi031eodlYqOEUH9vh8G/kt0MYFzkV
naSSB9fJd0TF3RUBb5QbSHt5/1rPwCJRaiYP41wcNAPFZcZP5gmhRGr2L6eS2qxt
kK94whRf5oRVvi0uKmlbmvWpjkg7Z9aJLIQ30pUMGhlcW/LwBJjMMThoIOjCY1SK
KiHFmImoGwgWsJSpfVm/ya41Ycf+1uQVeJFQbBF9nPaLKAgxNZ2d/qedD4tsA1KE
3uztC6c05fBiOObTaAedcOOTLaNijg==
=im/L
-----END PGP SIGNATURE-----