CVE-2008-4575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4575): Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) possibly other unspecified vectors.
Please test and mark stable / mask the old versions. FYI: As I know you can't see it from my mail address: I'm a security padawan http://www.gentoo.org/security/en/padawans.xml.
amd64/x86 stable
hppa stable
adding graphics herd as maintainers
alpha stable
Sparc stable.
Please note that there are more unresolved issues in 2.84, as pointed out in $URL and https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
ppc64 stable
This also applies:
Name: CVE-2008-4639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4639
Published: 2008-10-21
jhead.c in Matthias Wandel jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Product (guessed): Matthias Wandel jhead
*** Bug 243238 has been marked as a duplicate of this bug. ***
ia64 stable
ppc stable
Ready for vote, I vote YES.
YES, filed
GLSA 200901-02