author: Christoph Moench-Tegeder <cmt@FreeBSD.org> 2020-05-28 18:20:23 +0800
committer: Christoph Moench-Tegeder <cmt@FreeBSD.org> 2020-05-28 18:20:23 +0800
commit: 7b84dc383673bb3c67e330e45142c54ce8640954
tree: 3a814058c62e904c51f1de1f80f841bc4dbf940e /security
parent: a3fef7e2962a0734cec338e43c05b24c3cb00d46
document sane-backend vulnerabilities
CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
PR: 246803
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 35
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 049b97ae01fa..a4f4e9373130 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,41 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="28481349-7e20-4f80-ae1e-e6bf48d4f17c">
+ <topic>Sane -- Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>sane-backends</name>
+ <range><lt>1.0.30</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Sane Project reports:</p>
+ <blockquote cite="https://gitlab.com/sane-project/backends/-/releases/1.0.30">
+ <p>epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory management issues found while addressing that CVE</p>
+ <p>epsonds: addresses out-of-bound memory access issues to fix CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) and disables network autodiscovery to mitigate CVE-2020-12866 (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 (GHSL-2020-081). Note that this backend does not support network scanners to begin with.</p>
+ <p>magicolor: fixes a floating point exception and uninitialized data read</p>
+ <p>fixes an overflow in sanei_tcp_read()</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://gitlab.com/sane-project/backends/-/releases/1.0.30</url>
+ <cvename>CVE-2020-12861</cvename>
+ <cvename>CVE-2020-12862</cvename>
+ <cvename>CVE-2020-12863</cvename>
+ <cvename>CVE-2020-12864</cvename>
+ <cvename>CVE-2020-12865</cvename>
+ <cvename>CVE-2020-12866</cvename>
+ <cvename>CVE-2020-12867</cvename>
+ </references>
+ <dates>
+ <discovery>2020-05-17</discovery>
+ <entry>2020-05-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="69cf62a8-a0aa-11ea-9ea5-001b217b3468">
<topic>Gitlab -- Multiple Vulnerabilities</topic>
<affects>
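Review bot: the <affects> block of the new entry names only sane-backends, while the checklist comment directly above the <vuxml> element says not to forget port variants; please confirm no other port packages the same backends code and add a <package> element for it if one does. Separately, <range><lt>1.0.30</lt></range> marks 1.0.30 as unaffected, but the quoted release text says CVE-2020-12866, CVE-2020-12861 and CVE-2020-12864 are mitigated by disabling network autodiscovery in epsonds rather than fixed; a short paragraph outside the blockquote stating that would keep readers from assuming the code paths were corrected. As a style point, the <topic> could use the port name (sane-backends) so it matches the <name> element that audit output reports.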