Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service
(crash) via (1) a long -cmd argument and (2) possibly other
Please test and mark stable / mask the old versions.
FYI: As I know you can't see it from my mail address: I'm a security padawan http://www.gentoo.org/security/en/padawans.xml.
Adding graphics herd as maintainers.
Please note that there are more unresolved issues in 2.84, as pointed out in $URL and https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
This also applies:
jhead.c in Matthias Wandel jhead before 2.84 allows local users to
overwrite arbitrary files via a symlink attack on a temporary file.
Product (guessed): Matthias Wandel jhead
*** Bug 243238 has been marked as a duplicate of this bug. ***
Ready for vote, I vote YES.