[Buildroot] [PATCH 1/1] package/jhead: security bump to version 3.04

Peter Korsgaard peter at korsgaard.com
Sun Mar 15 10:23:03 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The
 >   impact is: Denial of service. The component is: gpsinfo.c Line 151
 >   ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG
 >   file.
 > - Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access
 >   Control. The impact is: Denial of service. The component is: iptc.c
 >   Line 122 show_IPTC(). The attack vector is: the victim must open a
 >   specially crafted JPEG file.
 > - Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer
 >   over-read. The impact is: Denial of service. The component is:
 >   ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is:
 >   Open a specially crafted JPEG file.
 > - Update indentation of hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2019.02.x and 2019.11.x, thanks.

-- 
Bye, Peter Korsgaard


