Accepted sane-backends 1.0.25-4.1+deb9u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 13 Aug 2020 18:59:57 +0200
Source: sane-backends
Binary: sane-utils libsane-common libsane libsane-dev libsane-dbg
Architecture: source
Version: 1.0.25-4.1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Jörg Frings-Fürst <debian@jff-webhosting.net>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
libsane - API library for scanners
libsane-common - API library for scanners -- documentation and support files
libsane-dbg - API development library for scanners [debug symbols]
libsane-dev - API development library for scanners [development files]
sane-utils - API library for scanners -- utilities
Changes:
sane-backends (1.0.25-4.1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2020-12862: an out-of-bounds read in SANE Backends before 1.0.30
may allow a malicious device connected to the same local network as
the victim to read important information, such as the ASLR offsets of
the program, aka GHSL-2020-082.
* CVE-2020-12863: an out-of-bounds read in SANE Backends before 1.0.30
may allow a malicious device connected to the same local network as
the victim to read important information, such as the ASLR offsets of
the program, aka GHSL-2020-083.
* CVE-2020-12865: a heap buffer overflow in SANE Backends before 1.0.30
may allow a malicious device connected to the same local network as
the victim to execute arbitrary code, aka GHSL-2020-084.
* CVE-2020-12867: a NULL pointer dereference in sanei_epson_net_read in
SANE Backends before 1.0.30 allows a malicious device connected to the
same local network as the victim to cause a denial of service, aka
GHSL-2020-075.
* Fix debian/tests/start-net.
Checksums-Sha1:
2ccb7e59a72f9b10d31bd0ec04c724078460d627 2174 sane-backends_1.0.25-4.1+deb9u1.dsc
05824922d91571e1fc2f5cdd270745783d593754 5955016 sane-backends_1.0.25.orig.tar.gz
097ca36c6ee57c2be76d309e8c82a39bfad3d58b 114952 sane-backends_1.0.25-4.1+deb9u1.debian.tar.xz
c93478b7c97df42f9058a3547c0eb85a653cb0b8 10763 sane-backends_1.0.25-4.1+deb9u1_amd64.buildinfo
Checksums-Sha256:
364e6afb70351c60a6ac5f444315751c2bd08724b02472cd48779ae70e1c8a5f 2174 sane-backends_1.0.25-4.1+deb9u1.dsc
a4d7ba8d62b2dea702ce76be85699940992daf3f44823ddc128812da33dc6e2c 5955016 sane-backends_1.0.25.orig.tar.gz
5157d076efe8ae6dd670a2a33a8e3dee0da45b1e766af0491c5d948fd7665523 114952 sane-backends_1.0.25-4.1+deb9u1.debian.tar.xz
bb8a589d11fcbbd6bb3369c4e096cd953934e71e91fbbd3c7e2a30b8ecc149a1 10763 sane-backends_1.0.25-4.1+deb9u1_amd64.buildinfo
Files:
e16c591719311a7cb3f65e1b45ea81dd 2174 graphics optional sane-backends_1.0.25-4.1+deb9u1.dsc
f9ed5405b3c12f07c6ca51ee60225fe7 5955016 graphics optional sane-backends_1.0.25.orig.tar.gz
124d89647c57b41486120177edd73c6d 114952 graphics optional sane-backends_1.0.25-4.1+deb9u1.debian.tar.xz
1ca3ca728ffc2c37d471ebcc31cecc53 10763 graphics optional sane-backends_1.0.25-4.1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl86644ACgkQj/HLbo2J
BZ+HiQf9GUYc5UfQ1dT1qxPQRBahK4jWGVAm0w2ZBCSD3dNLi1mGz9s+Gmonh3Te
LiG7AYp/XmaDpywiHHQbJ3g0BXCYJ2yI5DFi031eodlYqOEUH9vh8G/kt0MYFzkV
naSSB9fJd0TF3RUBb5QbSHt5/1rPwCJRaiYP41wcNAPFZcZP5gmhRGr2L6eS2qxt
kK94whRf5oRVvi0uKmlbmvWpjkg7Z9aJLIQ30pUMGhlcW/LwBJjMMThoIOjCY1SK
KiHFmImoGwgWsJSpfVm/ya41Ycf+1uQVeJFQbBF9nPaLKAgxNZ2d/qedD4tsA1KE
3uztC6c05fBiOObTaAedcOOTLaNijg==
=im/L
-----END PGP SIGNATURE-----