Date: Thu, 28 May 2020 10:20:23 +0000 (UTC) From: Christoph Moench-Tegeder <cmt@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r536757 - head/security/vuxml Message-ID: <202005281020.04SAKNRf050798@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cmt Date: Thu May 28 10:20:23 2020 New Revision: 536757 URL: https://svnweb.freebsd.org/changeset/ports/536757 Log: document sane-backend vulnerabilities CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867 PR: 246803 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu May 28 10:18:09 2020 (r536756) +++ head/security/vuxml/vuln.xml Thu May 28 10:20:23 2020 (r536757) @@ -58,6 +58,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="28481349-7e20-4f80-ae1e-e6bf48d4f17c"> + <topic>Sane -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>sane-backends</name> + <range><lt>1.0.30</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Sane Project reports:</p> + <blockquote cite="https://gitlab.com/sane-project/backends/-/releases/1.0.30"> + <p>epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory management issues found while addressing that CVE</p> + <p>epsonds: addresses out-of-bound memory access issues to fix CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) and disables network autodiscovery to mitigate CVE-2020-12866 (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 (GHSL-2020-081). Note that this backend does not support network scanners to begin with.</p> + <p>magicolor: fixes a floating point exception and uninitialized data read</p> + <p>fixes an overflow in sanei_tcp_read()</p> + </blockquote> + </body> + </description> + <references> + <url>https://gitlab.com/sane-project/backends/-/releases/1.0.30</url> + <cvename>CVE-2020-12861</cvename> + <cvename>CVE-2020-12862</cvename> + <cvename>CVE-2020-12863</cvename> + <cvename>CVE-2020-12864</cvename> + <cvename>CVE-2020-12865</cvename> + <cvename>CVE-2020-12866</cvename> + <cvename>CVE-2020-12867</cvename> + </references> + <dates> + <discovery>2020-05-17</discovery> + <entry>2020-05-28</entry> + </dates> + </vuln> + <vuln vid="69cf62a8-a0aa-11ea-9ea5-001b217b3468"> <topic>Gitlab -- Multiple Vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005281020.04SAKNRf050798>