svn commit: r536757 - head/security/vuxml
Christoph Moench-Tegeder
cmt at FreeBSD.org
Thu May 28 10:20:24 UTC 2020
Author: cmt
Date: Thu May 28 10:20:23 2020
New Revision: 536757
URL: https://svnweb.freebsd.org/changeset/ports/536757
Log:
document sane-backend vulnerabilities
CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864,
CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
PR: 246803
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu May 28 10:18:09 2020 (r536756)
+++ head/security/vuxml/vuln.xml Thu May 28 10:20:23 2020 (r536757)
@@ -58,6 +58,41 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="28481349-7e20-4f80-ae1e-e6bf48d4f17c">
+ <topic>Sane -- Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>sane-backends</name>
+ <range><lt>1.0.30</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Sane Project reports:</p>
+ <blockquote cite="https://gitlab.com/sane-project/backends/-/releases/1.0.30">
+ <p>epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory management issues found while addressing that CVE</p>
+ <p>epsonds: addresses out-of-bound memory access issues to fix CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) and disables network autodiscovery to mitigate CVE-2020-12866 (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 (GHSL-2020-081). Note that this backend does not support network scanners to begin with.</p>
+ <p>magicolor: fixes a floating point exception and uninitialized data read</p>
+ <p>fixes an overflow in sanei_tcp_read()</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://gitlab.com/sane-project/backends/-/releases/1.0.30</url>
+ <cvename>CVE-2020-12861</cvename>
+ <cvename>CVE-2020-12862</cvename>
+ <cvename>CVE-2020-12863</cvename>
+ <cvename>CVE-2020-12864</cvename>
+ <cvename>CVE-2020-12865</cvename>
+ <cvename>CVE-2020-12866</cvename>
+ <cvename>CVE-2020-12867</cvename>
+ </references>
+ <dates>
+ <discovery>2020-05-17</discovery>
+ <entry>2020-05-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="69cf62a8-a0aa-11ea-9ea5-001b217b3468">
<topic>Gitlab -- Multiple Vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list