When saned receives a SANE_NET_CONTROL_OPTION with value_type == SANE_TYPE_STRING and value_size larger than the actual length of the requested string, the response packet from the server contains a string object as long as value_size in the request. The bytes following the actual string appear to contain memory contents of the server.

Upstream bug: https://alioth.debian.org/tracker/index.php?func=detail&aid=315576&group_id=30186&atid=410366

Upstream patch: https://anonscm.debian.org/git/sane/sane-backends.git/commit/?id=42896939822b44f44ecd1b6
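A simplified model of the over-long string reply described in the report above, as an added example that is not part of the original report and is not saned's code. The function names, the 32-byte buffer and the 'S' filler standing in for leftover server memory are constructed for illustration; zero-filling after the terminator is shown as one way to close this class of leak, not as the content of the upstream patch.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 32  /* constructed size of the reused option buffer */

/* Model backend: writes the option string into a buffer that still holds
 * older data ('S' bytes are a constructed stand-in for server memory). */
static void backend_get_string(char *buf, size_t size, const char *opt)
{
    size_t n = strlen(opt);
    memset(buf, 'S', size);
    if (n >= size) n = size - 1;
    memcpy(buf, opt, n);
    buf[n] = '\0';
}

/* Builds the reply value. zero_fill == 0 models the flawed behaviour (all
 * value_size bytes are sent as they are); zero_fill != 0 clears everything
 * after the terminator before the buffer is serialised. */
size_t build_reply(char *out, size_t value_size, const char *opt, int zero_fill)
{
    char buf[BUF_SIZE];
    if (value_size == 0) return 0;
    if (value_size > sizeof buf) value_size = sizeof buf;
    backend_get_string(buf, value_size, opt);
    if (zero_fill) {
        size_t len = strlen(buf);    /* buf is always NUL-terminated here */
        memset(buf + len, 0, value_size - len);
    }
    memcpy(out, buf, value_size);
    return value_size;
}

/* Counts non-zero bytes after the first NUL, i.e. data beyond the string. */
size_t bytes_after_terminator(const char *reply, size_t size)
{
    const char *nul = memchr(reply, 0, size);
    size_t count = 0;
    for (const char *p = nul ? nul + 1 : reply + size; p < reply + size; p++)
        if (*p) count++;
    return count;
}

int main(void)
{
    char out[BUF_SIZE];
    size_t n = build_reply(out, sizeof out, "Gray", 0);
    printf("as-is:     %zu stray bytes\n", bytes_after_terminator(out, n));
    n = build_reply(out, sizeof out, "Gray", 1);
    printf("zero-fill: %zu stray bytes\n", bytes_after_terminator(out, n));
}
```

The same `bytes_after_terminator` check can be applied to a captured string reply when verifying that an updated server no longer returns non-zero padding.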
Maintainer-needed package with reverse dependencies; can any of those needing this dep take maintainership of the package?
1.0.27 in the tree fixes this
arm stable
ia64 stable
amd64 stable
x86 stable
ppc/ppc64 stable
Stable on alpha.
hppa stable
@maintainer(s), please clean the vulnerable versions.
tree is clean https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b18866564df6c8c88e8fc4146484dfa492dea5e