[Buildroot] [PATCH 1/1] package/jhead: security bump to version 3.04
Peter Korsgaard
peter at korsgaard.com
Sun Mar 15 10:23:03 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The
> impact is: Denial of service. The component is: gpsinfo.c Line 151
> ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG
> file.
> - Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access
> Control. The impact is: Denial of service. The component is: iptc.c
> Line 122 show_IPTC(). The attack vector is: the victim must open a
> specially crafted JPEG file.
> - Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer
> over-read. The impact is: Denial of service. The component is:
> ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is:
> Open a specially crafted JPEG file.
> - Update indentation of hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard