!25 Fix CVE-2020-12863
From: @houyingchao Reviewed-by: @miao_kaibo,@ruebb Signed-off-by: @ruebb
This commit is contained in:
openeuler-ci-bot
Gitee
commit
2b0f749a73
27
CVE-2020-12863.patch
Normal file
27
CVE-2020-12863.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From db9480b09ea807e52029f2334769a55d4b95e45b Mon Sep 17 00:00:00 2001
|
||||
From: Olaf Meeuwissen <paddy-hack@member.fsf.org>
|
||||
Date: Mon, 27 Apr 2020 18:24:56 +0900
|
||||
Subject: [PATCH] epsonds: Read only up to seven hexdigits to determine payload
|
||||
size
|
||||
|
||||
Addresses GHSL-2020-083, re #279.
|
||||
---
|
||||
backend/epsonds-cmd.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/backend/epsonds-cmd.c b/backend/epsonds-cmd.c
|
||||
index 9a4db3080..23327bb18 100644
|
||||
--- a/backend/epsonds-cmd.c
|
||||
+++ b/backend/epsonds-cmd.c
|
||||
@@ -117,7 +117,7 @@ esci2_check_header(const char *cmd, const char *buf, unsigned int *more)
|
||||
return 0;
|
||||
}
|
||||
|
||||
- err = sscanf(&buf[5], "%x#", more);
|
||||
+ err = sscanf(&buf[5], "%7x#", more);
|
||||
if (err != 1) {
|
||||
DBG(1, "cannot decode length from header\n");
|
||||
return 0;
|
||||
--
|
||||
GitLab
|
||||
|
||||
@ -3,9 +3,9 @@
|
||||
|
||||
Name: sane-backends
|
||||
Version: 1.0.28
|
||||
Release: 10
|
||||
Release: 11
|
||||
Summary: Scanner access software
|
||||
License: GPLv2+ and GPLv2+ with exceptions and Public Domain and IJG and LGPLv2+ and MIT
|
||||
License: GPLv2+ and GPLv2+ and Public Domain and IJG and LGPLv2+ and MIT
|
||||
URL: http://www.sane-project.org
|
||||
Source0: https://gitlab.com/sane-project/backends/uploads/9e718daff347826f4cfe21126c8d5091/%{name}-%{version}.tar.gz
|
||||
Source1: saned.socket
|
||||
@ -26,6 +26,7 @@ Patch0004: CVE-2020-12867.patch
|
||||
Patch0005: Add-check-for-ports-to-avoid-Segmentation-fault.patch
|
||||
Patch0006: CVE-2020-12862.patch
|
||||
Patch0007: CVE-2020-12865.patch
|
||||
Patch0008: CVE-2020-12863.patch
|
||||
|
||||
%description
|
||||
SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners
|
||||
@ -208,6 +209,9 @@ exit 0
|
||||
%{_unitdir}/*
|
||||
|
||||
%changelog
|
||||
* Sat Oct 09 2021 houyingchao <houyingchao@huawei.com> - 1.0.28-11
|
||||
- Fix CVE-2020-12863
|
||||
|
||||
* Fri Feb 05 2021 wangyue <wangyue92@huawei.com> - 1.0.28-10
|
||||
- Fix CVE-2020-12862 CVE-2020-12865
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user