projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cba42d7) | patch
package/jhead: security bump to version 3.04
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Wed, 4 Mar 2020 21:45:32 +0000 (22:45 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 5 Mar 2020 15:35:42 +0000 (16:35 +0100)
commitfaf755b4913969f768205caf4eadba55c7ce2f44
tree052294bab2c98dcc422507d4c222baa97e70cfbftree
parentcba42d7f55b5845160b710c4488b95089c7cb558commit | diff
package/jhead: security bump to version 3.04

- Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The
  impact is: Denial of service. The component is: gpsinfo.c Line 151
  ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG
  file.
- Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access
  Control. The impact is: Denial of service. The component is: iptc.c
  Line 122 show_IPTC(). The attack vector is: the victim must open a
  specially crafted JPEG file.
- Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer
  over-read. The impact is: Denial of service. The component is:
  ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is:
  Open a specially crafted JPEG file.
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/jhead/jhead.hash diff | blob | history
package/jhead/jhead.mk diff | blob | history