Information on source package sane-backends

Available versions

ReleaseVersion
jessie1.0.24-8+deb8u3
stretch1.0.25-4.1+deb9u2
buster1.0.27-3.2
bullseye1.0.31-4.1
bookworm1.2.1-2
trixie1.3.0-1
sid1.3.0-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2020-12867fixedfixedvulnerable (no DSA)fixedfixedfixedfixedA NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...
CVE-2020-12866fixedvulnerable (no DSA, ignored)vulnerable (no DSA)fixedfixedfixedfixedA NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...
CVE-2020-12865fixedfixedvulnerable (no DSA)fixedfixedfixedfixedA heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...
CVE-2020-12864fixedvulnerable (no DSA, ignored)vulnerable (no DSA)fixedfixedfixedfixedAn out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...
CVE-2020-12863fixedfixedvulnerable (no DSA)fixedfixedfixedfixedAn out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...
CVE-2020-12862fixedfixedvulnerable (no DSA)fixedfixedfixedfixedAn out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...
CVE-2020-12861fixedvulnerable (no DSA, ignored)vulnerable (no DSA)fixedfixedfixedfixedA heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-46052vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableSane 1.2.1 heap bounds overwrite in init_options() from backend/test.c ...
CVE-2023-46047vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableAn issue in Sane 1.2.1 allows a local attacker to execute arbitrary co ...

Resolved issues

BugDescription
CVE-2017-6318saned in sane-backends 1.0.25 allows remote attackers to obtain sensit ...
CVE-2003-0778saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...
CVE-2003-0777saned in sane-backends 1.0.7 and earlier, when debug messages are enab ...
CVE-2003-0776saned in sane-backends 1.0.7 and earlier does not properly "check the ...
CVE-2003-0775saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrar ...
CVE-2003-0774saned in sane-backends 1.0.7 and earlier does not quickly handle conne ...
CVE-2003-0773saned in sane-backends 1.0.7 and earlier does not check the IP address ...

Security announcements

DSA / DLADescription
DLA-2332-2sane-backends - regression update
DLA-2332-1sane-backends - security update
DLA-2231-1sane-backends - security update
DLA-940-1sane-backends - security update
DSA-379sane-backends - several vulnerabilities

Search for package or bug name: Reporting problems