Merge branch 'release/experimental/1.0.30-1_experimental1'experimental/1.0.30-1_experimental1

1 files changed, 27 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 9f503b9..e9829e8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,31 @@
 <!-- -*- Mode: markdown -*- -->
 
-## New with 1.0.29 (upcoming release)
+## New with 1.0.30 (released 2020-05-17)
+
+This release fixes several security related issues and a build issue.
+
+### Backends
+
+- `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
+  management issues found while addressing that CVE
+- `epsonds`: addresses out-of-bound memory access issues to fix
+  CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
+  addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
+  and disables network autodiscovery to mitigate CVE-2020-12866
+  (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
+  (GHSL-2020-081).  Note that this backend does not support network
+  scanners to begin with.
+- `magicolor`: fixes a floating point exception and uninitialized data
+  read
+- fixes an overflow in `sanei_tcp_read()`
+
+### Build
+
+- fixes a build issue where linker flags would become link time
+  dependencies (#239)
+
+
+## New with 1.0.29 (released 2020-02-02)
 
 ### Backends
 
@@ -36,6 +61,7 @@
   irrespective of the `pthread_t` type (#153)
 - moves the `genesys` and `pixma` backends to a directory of their own
 
+
 ## New with 1.0.28 (released 2019-07-31)
 
 ### Backends