jhead 3.03 is affected by: heap-based buffer over-read. The impact is:
Denial of service. The component is: ReadJpegSections and process_SOFn in
jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
Should be fixed in 3.04 according to https://bugzilla.redhat.com/show_bug.cgi?id=1765647#c1
@maintainer(s), please create an appropriate ebuild, and call for stabilisation when ready.
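For context on the bug class named above (a heap over-read while walking JPEG marker segments and decoding an SOFn frame header), the following is an added example written for this page. It is not jhead's code and does not reproduce the specific defect in jpgfile.c; it shows the two bounds checks a SOFn parser needs so that a crafted file cannot make it read past the end of the heap buffer holding the file: the declared segment length must fit in the bytes actually remaining, and the component count inside the segment must fit in the declared length. The function names, the struct and the three sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields recovered from a Start-Of-Frame (SOFn) segment. */
struct sof_info {
    int precision, height, width, ncomp;
    uint8_t comp_id[4];
};

static int be16(const uint8_t *p) { return (p[0] << 8) | p[1]; }

/* Parse the SOFn payload (the bytes after the 2-byte length field).
 * payload_len is what is really available; the caller has already
 * bounded it against the end of the file buffer. Returns 0 or -1. */
int parse_sofn(const uint8_t *payload, size_t payload_len, struct sof_info *out)
{
    if (payload_len < 6) return -1;           /* precision(1) h(2) w(2) ncomp(1) */
    int ncomp = payload[5];
    if (ncomp < 1 || ncomp > 4) return -1;
    /* Second check: each component is 3 bytes (id, sampling, quant table);
     * a crafted ncomp must not walk past the declared segment. */
    if (payload_len < 6 + (size_t)ncomp * 3) return -1;
    out->precision = payload[0];
    out->height = be16(payload + 1);
    out->width  = be16(payload + 3);
    out->ncomp  = ncomp;
    for (int i = 0; i < ncomp; i++) out->comp_id[i] = payload[6 + i * 3];
    return 0;
}

/* Walk marker segments from SOI. Returns 0 once a SOFn is parsed,
 * 1 on EOI without SOFn, -1 on a malformed or truncated stream. */
int read_jpeg_sections(const uint8_t *buf, size_t len, struct sof_info *out)
{
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return -1;   /* SOI */
    size_t pos = 2;
    for (;;) {
        if (pos + 2 > len || buf[pos] != 0xFF) return -1;
        uint8_t marker = buf[pos + 1];
        pos += 2;
        if (marker == 0xD9) return 1;                               /* EOI */
        if (pos + 2 > len) return -1;
        size_t seglen = (size_t)be16(buf + pos);                    /* includes itself */
        if (seglen < 2) return -1;
        /* First check: the declared length must fit in the remaining buffer.
         * Trusting it here is what turns a short file into a heap over-read. */
        if (seglen > len - pos) return -1;
        const uint8_t *payload = buf + pos + 2;
        size_t payload_len = seglen - 2;
        /* SOF0..SOF15 are C0..CF except DHT (C4), JPG (C8) and DAC (CC). */
        if (marker >= 0xC0 && marker <= 0xCF &&
            marker != 0xC4 && marker != 0xC8 && marker != 0xCC)
            return parse_sofn(payload, payload_len, out);
        pos += seglen;
    }
}

/* Constructed sample: SOI, SOF0 for a 16x8 image with 3 components, EOI. */
static const uint8_t good_jpeg[] = {
    0xFF, 0xD8, 0xFF, 0xC0, 0x00, 0x11, 0x08, 0x00, 0x08, 0x00, 0x10, 0x03,
    0x01, 0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01, 0xFF, 0xD9 };
/* Constructed sample: same header, but the file ends after one component,
 * so the declared length (17) overruns the buffer. */
static const uint8_t truncated_jpeg[] = {
    0xFF, 0xD8, 0xFF, 0xC0, 0x00, 0x11, 0x08, 0x00, 0x08, 0x00, 0x10, 0x03,
    0x01, 0x22, 0x00 };
/* Constructed sample: length says 9 bytes but ncomp claims 3 components. */
static const uint8_t lying_ncomp[] = {
    0xFF, 0xD8, 0xFF, 0xC0, 0x00, 0x09, 0x08, 0x00, 0x08, 0x00, 0x10, 0x03,
    0x01, 0xFF, 0xD9 };

int demo_good(void) {
    struct sof_info s;
    return read_jpeg_sections(good_jpeg, sizeof good_jpeg, &s) == 0 &&
           s.width == 16 && s.height == 8 && s.ncomp == 3;
}
int demo_truncated(void) {
    struct sof_info s;
    return read_jpeg_sections(truncated_jpeg, sizeof truncated_jpeg, &s);
}
int demo_lying_ncomp(void) {
    struct sof_info s;
    return read_jpeg_sections(lying_ncomp, sizeof lying_ncomp, &s);
}

int main(void) {
    printf("good=%d truncated=%d lying_ncomp=%d\n",
           demo_good(), demo_truncated(), demo_lying_ncomp());
    return 0;
}
```

Both rejections return -1 before any byte past the buffer is touched; a parser that checks only one of the two lengths is still exploitable by the other sample.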
The bug has been referenced in the following commit(s):
Author: John Helmert III <email@example.com>
AuthorDate: 2020-06-24 20:39:38 +0000
Commit: Andreas K. Hüttel <firstname.lastname@example.org>
CommitDate: 2020-07-04 14:25:02 +0000
media-gfx/jhead: Security bump to 3.04
EAPI bumped, src_prepare refactored away, added PATCHES array instead
with a patch that includes the effects of the previous patch. This patch
also includes adding Makefile functionality to create a shared library
that was removed upstream since the last version we have.
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: John Helmert III <email@example.com>
Signed-off-by: Andreas K. Hüttel <firstname.lastname@example.org>
media-gfx/jhead/Manifest | 1 +
.../files/jhead-3.04-mkstemp-fix-makefile.patch | 53 ++++++++++++++++++++++
media-gfx/jhead/jhead-3.04.ebuild | 24 ++++++++++
3 files changed, 78 insertions(+)
The bug has been closed via the following commit(s):
Author: Sam James <email@example.com>
AuthorDate: 2020-07-27 12:32:20 +0000
Commit: Sam James <firstname.lastname@example.org>
CommitDate: 2020-07-27 12:32:20 +0000
[ GLSA 202007-17 ] Add missing bug #701826
This does not change the severity or impact of the GLSA.
Signed-off-by: Sam James <email@example.com>
glsa-202007-17.xml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)