diff --git a/SOURCES/0001-epsonds-Prevent-possible-buffer-overflow-when-readin.patch b/SOURCES/0001-epsonds-Prevent-possible-buffer-overflow-when-readin.patch
new file mode 100644
index 0000000..9f74c38
--- /dev/null
+++ b/SOURCES/0001-epsonds-Prevent-possible-buffer-overflow-when-readin.patch
@@ -0,0 +1,72 @@
+From b9b0173409df73e235da2aa0dae5edd21fb55967 Mon Sep 17 00:00:00 2001
+From: Olaf Meeuwissen
+Date: Mon, 27 Apr 2020 18:48:29 +0900
+Subject: [PATCH] epsonds: Prevent possible buffer overflow when reading image
+ data
+
+Addresses GHSL-2020-084, re #279.
+---
+ backend/epsonds-cmd.c | 5 +++++
+ backend/epsonds.c | 12 +++++++-----
+ backend/epsonds.h | 1 +
+ 3 files changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/backend/epsonds-cmd.c b/backend/epsonds-cmd.c
+index 9a4db3080..c182aa51a 100644
+--- a/backend/epsonds-cmd.c
++++ b/backend/epsonds-cmd.c
+@@ -876,6 +876,11 @@ esci2_img(struct epsonds_scanner *s, SANE_Int *length)
+ return parse_status;
+ }
+
++ /* more data than was accounted for in s->buf */
++ if (more > s->bsz) {
++ return SANE_STATUS_IO_ERROR;
++ }
++
+ /* ALWAYS read image data */
+ if (s->hw->connection == SANE_EPSONDS_NET) {
+ epsonds_net_request_read(s, more);
+diff --git a/backend/epsonds.c b/backend/epsonds.c
+index ff5d68106..fb9694a88 100644
+--- a/backend/epsonds.c
++++ b/backend/epsonds.c
+@@ -1230,16 +1230,18 @@ sane_start(SANE_Handle handle)
+ if (s->line_buffer == NULL)
+ return SANE_STATUS_NO_MEM;
+
+- /* ring buffer for front page, twice bsz */
++ /* transfer buffer size, bsz */
+ /* XXX read value from scanner */
+- status = eds_ring_init(&s->front, (65536 * 4) * 2);
++ s->bsz = (65536 * 4);
++
++ /* ring buffer for front page */
++ status = eds_ring_init(&s->front, s->bsz * 2);
+ if (status != SANE_STATUS_GOOD) {
+ return status;
+ }
+
+- /* transfer buffer, bsz */
+- /* XXX read value from scanner */
+- s->buf = realloc(s->buf, 65536 * 4);
++ /* transfer buffer */
++ s->buf = realloc(s->buf, s->bsz);
+ if (s->buf == NULL)
+ return SANE_STATUS_NO_MEM;
+
+diff --git a/backend/epsonds.h b/backend/epsonds.h
+index 0427ef3b4..401b0f32c 100644
+--- a/backend/epsonds.h
++++ b/backend/epsonds.h
+@@ -160,6 +160,7 @@ struct epsonds_scanner
+ Option_Value val[NUM_OPTIONS];
+ SANE_Parameters params;
+
++ size_t bsz; /* transfer buffer size */
+ SANE_Byte *buf, *line_buffer;
+ ring_buffer *current, front, back;
+
+--
+2.25.4
+
diff --git a/SPECS/sane-backends.spec b/SPECS/sane-backends.spec
index 259f081..2249376 100644
--- a/SPECS/sane-backends.spec
+++ b/SPECS/sane-backends.spec
@@ -33,7 +33,7 @@ Summary: Scanner access software
 Name: sane-backends
 Version: 1.0.27
-Release: 19%{?dist}
+Release: 19%{?dist}.1
 # lib/ is LGPLv2+, backends are GPLv2+ with exceptions
 # Tools are GPLv2+, docs are public domain
 # see LICENSE for details
@@ -59,6 +59,8 @@ Patch3: sane-backends-saned-manpage.patch
 Patch4: sane-backends-canon-lide-100.patch
 # Revert samsung patch from upstream (upstream tracker https://alioth.debian.org/tracker/index.php?func=detail&aid=315876&group_id=30186&atid=410366)
 Patch5: sane-backends-revert-samsung-patch.patch
+# 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2_img
+Patch6: 0001-epsonds-Prevent-possible-buffer-overflow-when-readin.patch
 URL: http://www.sane-project.org
@@ -90,6 +92,10 @@ Obsoletes: sane-backends < 1.0.25-3
 Conflicts: sane-backends < 1.0.25-3
 %endif
+# fix for 1852668, 1852667, 1852666, 1852665 - autodiscovery is not supported in epsonds
+# backend, so disable it during post scriptlet (grep and sed are needed for the scriptlet)
+Requires: grep, sed
+
 %description
 Scanner Access Now Easy (SANE) is a universal scanner interface. The SANE
 application programming interface (API) provides standardized
@@ -194,6 +200,7 @@ access image acquisition devices available on the local host.
 %patch3 -p1 -b .saned-manpage
 %patch4 -p1 -b .canon-lide-100
 %patch5 -p1 -b .revert-samsung-patch
+%patch6 -p1 -b .prevent-buffer-overflow
 %build
 CFLAGS="%optflags -fno-strict-aliasing"
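Review bot: The new `if (more > s->bsz)` guard in esci2_img returns SANE_STATUS_IO_ERROR without any diagnostic, so a scanner or network peer announcing a transfer larger than `s->buf` looks identical to an ordinary I/O failure in the backend's debug output; a debug message naming `more` and `s->bsz` just before that return would make the rejected size visible when users report failing scans. The bound only holds because sane_start assigns `s->bsz` before reallocating `s->buf` with the same value, and the sane_start hunk still carries the `/* XXX read value from scanner */` note over the hard-coded `65536 * 4`, so the new field in epsonds.h is worth documenting as that invariant rather than just a size: `size_t bsz; /* allocated size of s->buf; esci2_img rejects image reads larger than this */`. The body of esci2_img continues outside the hunk, so whether the non-network branch also bounds its read by `more` is not visible here.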
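Review bot: `Requires: grep, sed` is a plain runtime dependency, but the comment above it says the two tools are needed only by the `%post` scriptlet, and a plain Requires does not guarantee they are installed before this package's scriptlet runs within the same transaction. The scriptlet-qualified form `Requires(post): grep, sed` states the intent and gives rpm the ordering constraint; keeping the explanatory comment above it is still useful.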
@@ -273,6 +280,14 @@ install -m 644 saned@.service %{buildroot}%{_unitdir}
 %post
 udevadm hwdb --update >/dev/null 2>&1 || :
+# check if there is autodiscovery enabled in epsonds.conf
+autodiscovery=`%{_bindir}/grep -E '^[[:space:]]*net[[:space:]]*autodiscovery' /etc/sane.d/epsonds.conf`
+if [ -n "$autodiscovery" ]
+then
+ # comment out 'net autodiscovery' if it is not commented out
+ %{_bindir}/sed -i 's,^[[:space:]]*net[[:space:]]*autodiscovery,#net autodiscovery,g' /etc/sane.d/epsonds.conf
+fi
+
 %postun
 udevadm hwdb --update >/dev/null 2>&1 || :
@@ -355,6 +370,10 @@ exit 0
 %{_unitdir}/saned@.service
 %changelog
+* Wed Jul 01 2020 Zdenek Dohnal - 1.0.27-19.1
+- 1852468, 1852467, 1852466, 1852465 - prevent buffer overflow in esci2_img
+- 1852668, 1852667, 1852666, 1852665 - disable autodiscovery for epsonds backend
+
 * Tue Jul 24 2018 Zdenek Dohnal - 1.0.27-19
 - corrected license
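Review bot: The grep in the new `%post` block runs with stderr attached and the sed has no `|| :`, unlike the `udevadm` line directly above it, so a missing or unreadable `/etc/sane.d/epsonds.conf` prints an error into the install output and a failing sed (read-only filesystem, for instance) turns into a scriptlet failure. The same behaviour is obtained with the test folded into the condition and the edit made tolerant: `if %{_bindir}/grep -qE '^[[:space:]]*net[[:space:]]*autodiscovery' /etc/sane.d/epsonds.conf 2>/dev/null; then` followed by `%{_bindir}/sed -i 's,^[[:space:]]*net[[:space:]]*autodiscovery,#net autodiscovery,g' /etc/sane.d/epsonds.conf || :`. Note also that this rewrites an administrator-edited config file on every install and upgrade, not only on first install; if that is intended, as the changelog entry suggests, the comment should say so explicitly, e.g. `# always comment out 'net autodiscovery', also on upgrade, since epsonds does not support it`.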