Summary: | media-gfx/jhead <2.84 Buffer overflow in DoCommand (CVE-2008-{4575,4639) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled, vanquirius |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://thread.gmane.org/gmane.comp.security.oss.general/1063/focus=1071 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Stefan Behte (RETIRED)
2008-10-19 03:13:58 UTC
Please test and mark stable / mask the old versions. FYI: As I know you can't see it from my mail address: I'm a security padawan http://www.gentoo.org/security/en/padawans.xml. amd64/x86 stable hppa stable adding graphics herd as maintainers alpha stable Sparc stable. please note that there are more unresolved issues in 2.84, as pointed out in $URL and https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 ppc64 stable This also applies: Name: CVE-2008-4639 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4639 Published: 2008-10-21 jhead.c in Matthias Wandel jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Product (guessed): Matthias Wandel jhead *** Bug 243238 has been marked as a duplicate of this bug. *** ia64 stable ppc stable Ready for vote, I vote YES. YES, filed GLSA 200901-02 |