Your message dated Mon, 25 May 2020 22:33:36 +0000
with message-id <e1jdlf6-000hir...@fasolo.debian.org>
and subject line Bug#961302: fixed in sane-backends 1.0.30-1~experimental1
has caused the Debian Bug report #961302,
regarding sane-backends 1.0.30 released with security fixes
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
961302: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: sane-backends
Version: 1.0.29-1~experimental4
Severity: grave
Tags: security upstream
Justification: user security hole
The Sane team released a new version of sane-backends a few days ago, fixing
about 5 or 6 CVEs. From [their announcement][1]:
,----
| Kevin Backhouse of the [GitHub Security Lab team][1] has discovered
| several issues in the epson2, epsonds and magicolor backends that could
| be exploited by a malicious network device. All three backends are
| enabled by default. Moreover, all enable automatic discovery of network
| devices. The issues can be used to crash SANE frontends at start up or
| when starting a scan as well as corrupt memory leading to a possibility
| of remote code execution.
`----
[1]: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
Please upload a new version of the package as soon as possible.
Thanks,
Rogério Brito.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.6.0-1-rt-amd64 (SMP w/4 CPU cores; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.utf-8, LC_CTYPE=pt_BR.utf-8 (charmap=UTF-8),
LANGUAGE=en_US.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--
Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFCAAAA
http://cynic.cc/blog/ : github.com/rbrito : profiles.google.com/rbrito
DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br
--- End Message ---
--- Begin Message ---
Source: sane-backends
Source-Version: 1.0.30-1~experimental1
Done: Jörg Frings-Fürst <debian@jff.email>
We believe that the bug you reported is fixed in the latest version of
sane-backends, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 961...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jörg Frings-Fürst <debian@jff.email> (supplier of updated sane-backends package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 24 May 2020 19:45:00 +0200
Source: sane-backends
Architecture: source
Version: 1.0.30-1~experimental1
Distribution: experimental
Urgency: medium
Maintainer: Jörg Frings-Fürst <debian@jff.email>
Changed-By: Jörg Frings-Fürst <debian@jff.email>
Closes: 961302
Changes:
 sane-backends (1.0.30-1~experimental1) experimental; urgency=medium
 .
   * New upstream release (Closes: #961302):
     - fixes CVE-2020-12867, CVE-2020-12862, CVE-2020-12863, CVE-2020-12865,
       CVE-2020-12861, CVE-2020-12864.
   * Migrate to debhelper 13:
     - Bump minimum debhelper-compat version in debian/control to = 13.
   * debian/watch: Fix to new gitlab download structure.
   * debian/rules:
     - Remove DEB_LDFLAGS_MAINT_APPEND after lintian warning.
     - Add override_dh_installman-arch to remove obsolete man page
       sane-config.1.
   * debian/control:
     - Replace Conflicts with Breaks.
   * Remove debian/libsane-dev.preinst because sane-config was removed in
     oldstable.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---