summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2020-05-23 09:51:36 +0200
committerJörg Frings-Fürst <debian@jff-webhosting.net>2020-05-23 09:51:36 +0200
commit9c23ed018d72eed2554f4f9cff1ae6e6bb0cd479 (patch)
tree341ed14001deb0670a2b98b72039885c9a204dcf /NEWS
parentffa8801644a7d53cc1c785e3450f794c07a14eb0 (diff)
New upstream version 1.0.30upstream/1.0.30
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS28
1 files changed, 27 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 9f503b9..e9829e8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,31 @@
<!-- -*- Mode: markdown -*- -->
-## New with 1.0.29 (upcoming release)
+## New with 1.0.30 (released 2020-05-17)
+
+This release fixes several security related issues and a build issue.
+
+### Backends
+
+- `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
+ management issues found while addressing that CVE
+- `epsonds`: addresses out-of-bound memory access issues to fix
+ CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
+ addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
+ and disables network autodiscovery to mitigate CVE-2020-12866
+ (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
+ (GHSL-2020-081). Note that this backend does not support network
+ scanners to begin with.
+- `magicolor`: fixes a floating point exception and uninitialized data
+ read
+- fixes an overflow in `sanei_tcp_read()`
+
+### Build
+
+- fixes a build issue where linker flags would become link time
+ dependencies (#239)
+
+
+## New with 1.0.29 (released 2020-02-02)
### Backends
@@ -36,6 +61,7 @@
irrespective of the `pthread_t` type (#153)
- moves the `genesys` and `pixma` backends to a directory of their own
+
## New with 1.0.28 (released 2019-07-31)
### Backends