Source: sane-backends
Version: 1.0.29-1~experimental4
Severity: grave
Tags: security upstream
Justification: user security hole

The Sane team released a new version of sane-backends a few days ago, fixing
about 5 or 6 CVEs. From [their announcement][1]:

| Kevin Backhouse of the [GitHub Security Lab team][1] has discovered
| several issues in the epson2, epsonds and magicolor backends that could
| be exploited by a malicious network device.  All three backends are
| enabled by default.  Moreover, all enable automatic discovery of network
| devices.  The issues can be used to crash SANE frontends at start up or
| when starting a scan as well as corrupt memory leading to a possibility
| of remote code execution.


Please upload a new version of the package as soon as possible.


Rogério Brito.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-1-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_US.utf-8, LC_CTYPE=pt_BR.utf-8 (charmap=UTF-8), 
LANGUAGE=en_US.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Rogério Brito : rbrito@{,} : GPG key 4096R/BCFCAAAA : :
