summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2020-05-23 09:52:20 +0200
committerJörg Frings-Fürst <debian@jff-webhosting.net>2020-05-23 09:52:20 +0200
commitb3ca7a7c8bae4740ab95d043325972bdaf3c45ef (patch)
tree74966ddb0a35b15b78f792c34ca0b6fd56e12c6a /NEWS
parent1ae6cba5016d9ea065d064915da55afe69c7c762 (diff)
parent9c23ed018d72eed2554f4f9cff1ae6e6bb0cd479 (diff)
Update upstream source from tag 'upstream/1.0.30'
Update to upstream version '1.0.30' with Debian dir d1980efdd93517d429af686634543ede4211442d
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS28
1 files changed, 27 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 9f503b9..e9829e8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,31 @@
<!-- -*- Mode: markdown -*- -->
-## New with 1.0.29 (upcoming release)
+## New with 1.0.30 (released 2020-05-17)
+
+This release fixes several security related issues and a build issue.
+
+### Backends
+
+- `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
+ management issues found while addressing that CVE
+- `epsonds`: addresses out-of-bound memory access issues to fix
+ CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
+ addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
+ and disables network autodiscovery to mitigate CVE-2020-12866
+ (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
+ (GHSL-2020-081). Note that this backend does not support network
+ scanners to begin with.
+- `magicolor`: fixes a floating point exception and uninitialized data
+ read
+- fixes an overflow in `sanei_tcp_read()`
+
+### Build
+
+- fixes a build issue where linker flags would become link time
+ dependencies (#239)
+
+
+## New with 1.0.29 (released 2020-02-02)
### Backends
@@ -36,6 +61,7 @@
irrespective of the `pthread_t` type (#153)
- moves the `genesys` and `pixma` backends to a directory of their own
+
## New with 1.0.28 (released 2019-07-31)
### Backends