summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2020-05-26 12:15:18 +0200
committerJörg Frings-Fürst <debian@jff-webhosting.net>2020-05-26 12:15:18 +0200
commitc393b9b94c4718c86df08b26ec36a4a2ba4c34ad (patch)
treec085558d171157c60138c85a02a9d43e92d4b4e4 /NEWS
parent55a1f6d3b8dcb0493a112602ea277a706554efcd (diff)
parentd2c6277fad9d31cde9499c4a34c0bb3e30efa509 (diff)
Merge branch 'release/experimental/1.0.30-1_experimental1'experimental/1.0.30-1_experimental1
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS28
1 files changed, 27 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 9f503b9..e9829e8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,31 @@
<!-- -*- Mode: markdown -*- -->
-## New with 1.0.29 (upcoming release)
+## New with 1.0.30 (released 2020-05-17)
+
+This release fixes several security related issues and a build issue.
+
+### Backends
+
+- `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory
+ management issues found while addressing that CVE
+- `epsonds`: addresses out-of-bound memory access issues to fix
+ CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083),
+ addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084)
+ and disables network autodiscovery to mitigate CVE-2020-12866
+ (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864
+ (GHSL-2020-081). Note that this backend does not support network
+ scanners to begin with.
+- `magicolor`: fixes a floating point exception and uninitialized data
+ read
+- fixes an overflow in `sanei_tcp_read()`
+
+### Build
+
+- fixes a build issue where linker flags would become link time
+ dependencies (#239)
+
+
+## New with 1.0.29 (released 2020-02-02)
### Backends
@@ -36,6 +61,7 @@
irrespective of the `pthread_t` type (#153)
- moves the `genesys` and `pixma` backends to a directory of their own
+
## New with 1.0.28 (released 2019-07-31)
### Backends