diff --git a/CVE-2020-12863.patch b/CVE-2020-12863.patch
new file mode 100644
index 0000000..57a27d3
--- /dev/null
+++ b/CVE-2020-12863.patch
@@ -0,0 +1,27 @@
+From db9480b09ea807e52029f2334769a55d4b95e45b Mon Sep 17 00:00:00 2001
+From: Olaf Meeuwissen
+Date: Mon, 27 Apr 2020 18:24:56 +0900
+Subject: [PATCH] epsonds: Read only up to seven hexdigits to determine payload
+ size
+
+Addresses GHSL-2020-083, re #279.
+---
+ backend/epsonds-cmd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/backend/epsonds-cmd.c b/backend/epsonds-cmd.c
+index 9a4db3080..23327bb18 100644
+--- a/backend/epsonds-cmd.c
++++ b/backend/epsonds-cmd.c
+@@ -117,7 +117,7 @@ esci2_check_header(const char *cmd, const char *buf, unsigned int *more)
+ return 0;
+ }
+
+- err = sscanf(&buf[5], "%x#", more);
++ err = sscanf(&buf[5], "%7x#", more);
+ if (err != 1) {
+ DBG(1, "cannot decode length from header\n");
+ return 0;
+--
+GitLab
+
diff --git a/sane-backends.spec b/sane-backends.spec
index 569d6d9..2d82ac1 100644
--- a/sane-backends.spec
+++ b/sane-backends.spec
@@ -3,9 +3,9 @@
 
 Name: sane-backends
 Version: 1.0.28
-Release: 10
+Release: 11
 Summary: Scanner access software
-License: GPLv2+ and GPLv2+ with exceptions and Public Domain and IJG and LGPLv2+ and MIT
+License: GPLv2+ and GPLv2+ and Public Domain and IJG and LGPLv2+ and MIT
 URL: http://www.sane-project.org
 Source0: https://gitlab.com/sane-project/backends/uploads/9e718daff347826f4cfe21126c8d5091/%{name}-%{version}.tar.gz
 Source1: saned.socket
@@ -26,6 +26,7 @@ Patch0004: CVE-2020-12867.patch
 Patch0005: Add-check-for-ports-to-avoid-Segmentation-fault.patch
 Patch0006: CVE-2020-12862.patch
 Patch0007: CVE-2020-12865.patch
+Patch0008: CVE-2020-12863.patch
 
 %description
 SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners
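Review bot: The field width in `sscanf(&buf[5], "%7x#", more)` limits how many characters are consumed but does not by itself bound `*more`: `%x` still skips leading whitespace and accepts a sign or `0x` prefix within those seven characters, and the trailing `#` is never checked because the return value counts conversions only. A header that is not seven plain hex digits (presumably this buffer comes from the device) can therefore still decode to an unexpected length. I would tighten the test to `if (err != 1 || *more > 0x0FFFFFFF) {` with a comment such as `/* length field is exactly 7 hex digits */`, or validate the seven bytes with `isxdigit()` before converting. `esci2_check_header` starts and ends outside this hunk, so how callers size their reads from `*more` should be confirmed there.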
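Review bot: The `License:` edit in the `@@ -3,9 +3,9 @@` hunk is not part of the CVE fix and is not recorded in the new changelog entry, which lists only `Fix CVE-2020-12863`. Removing `with exceptions` also leaves the tag reading `GPLv2+ and GPLv2+`, which is a duplicate. If the exception clause really no longer applies, collapse the tag to `License: GPLv2+ and Public Domain and IJG and LGPLv2+ and MIT` and mention the change in `%changelog`; otherwise restore the original line. Whether the exception still applies to the shipped sources cannot be judged from this diff.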
@@ -208,6 +209,9 @@ exit 0
 %{_unitdir}/*
 
 %changelog
+* Sat Oct 09 2021 houyingchao - 1.0.28-11
+- Fix CVE-2020-12863
+
 * Fri Feb 05 2021 wangyue - 1.0.28-10
 - Fix CVE-2020-12862 CVE-2020-12865
 