1) CVE-2019-1010301
Description: "jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file."
URL: https://www.cvedetails.com/cve/CVE-2019-1010301/

2) CVE-2019-1010302
Description: "jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file."
URL: https://www.cvedetails.com/cve/CVE-2019-1010302/

---
Affected versions:
- <3.04? (https://www.sentex.ca/~mwandel/jhead/changes.txt)
Adding 2 more CVE's to this (Same Version)

CVE-2020-6625 (NEW)
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.

CVE-2020-6624 (NEW)
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=67e090339cb570cde380194dbc8b68089d9de311

commit 67e090339cb570cde380194dbc8b68089d9de311
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-06-24 20:39:38 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-07-04 14:25:02 +0000

    media-gfx/jhead: Security bump to 3.04

    EAPI bumped, src_prepare refactored away, added PATCHES array instead
    with a patch that includes the effects of the previous patch. This patch
    also includes adding Makefile functionality to create a shared library
    that was removed upstream since the last version we have.

    Bug: https://bugs.gentoo.org/701826
    Bug: https://bugs.gentoo.org/711220
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16406
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 media-gfx/jhead/Manifest | 1 +
 .../files/jhead-3.04-mkstemp-fix-makefile.patch | 53 ++++++++++++++++++++++
 media-gfx/jhead/jhead-3.04.ebuild | 24 ++++++++++
 3 files changed, 78 insertions(+)
(In reply to Yury German from comment #1)
> Adding 2 more CVE's to this (Same Version)
>
>
> CVE-2020-6625 (NEW)
> jhead through 3.04 has a heap-based buffer over-read in Get32s when
> called from ProcessGpsInfo in gpsinfo.c.
>
>
> CVE-2020-6624 (NEW)
> jhead through 3.04 has a heap-based buffer over-read in process_DQT in
> jpgqguess.c.

I'll put these in a new bug just because then we can handle all the fixed stuff together.
No open bugs. Will stable if no objections?
ppc64 stable
ppc stable
x86 stable
amd64 stable
sparc stable. Please cleanup.
GLSA vote: yes
This issue was resolved and addressed in GLSA 202007-17 at https://security.gentoo.org/glsa/202007-17 by GLSA coordinator Sam James (sam_c).
(In reply to GLSAMaker/CVETool Bot from comment #11)
> This issue was resolved and addressed in
> GLSA 202007-17 at https://security.gentoo.org/glsa/202007-17
> by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40cb226be567e8f6b584268028b59b07812e8532

commit 40cb226be567e8f6b584268028b59b07812e8532
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-27 02:34:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-27 03:15:18 +0000

    media-gfx/jhead: security cleanup

    Closes: https://bugs.gentoo.org/711220
    Package-Manager: Portage-3.0.0, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/jhead/Manifest | 2 --
 .../files/jhead-2.90-mkstemp_respect_flags.patch | 26 ------------------
 media-gfx/jhead/jhead-2.97.ebuild | 31 ---------------------
 media-gfx/jhead/jhead-3.00-r2.ebuild | 30 --------------------
 media-gfx/jhead/jhead-3.00.ebuild | 32 ----------------------
 5 files changed, 121 deletions(-)