See https://bugs.gentoo.org/711220#c1.
CVE-2021-3496: A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file.
Issue: https://github.com/Matthias-Wandel/jhead/issues/33
Fixed in 3.06.0.1.
CVE-2021-28275 (https://github.com/Matthias-Wandel/jhead/issues/17): A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c, which will cause a segmentation fault via a crafted file.

CVE-2021-28276 (https://github.com/Matthias-Wandel/jhead/issues/1): A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the ProcessCanonMakerNoteDir function in makernote.c.

CVE-2021-28277 (https://github.com/Matthias-Wandel/jhead/issues/16): A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveUnknownSections function in jpgfile.c.

CVE-2021-28278 (https://github.com/Matthias-Wandel/jhead/issues/15): A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType function in jpgfile.c.

These are all fixed by 3.06.0.1.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a47a1d8535d26adffaf93b0df37a623ed2e629c5

commit a47a1d8535d26adffaf93b0df37a623ed2e629c5
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2022-10-08 22:30:53 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2022-10-08 22:35:44 +0000

    media-gfx/jhead: add 3.06.0.1

    Bug: https://bugs.gentoo.org/730746
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 media-gfx/jhead/Manifest | 1 +
 .../jhead-3.06.0.1-mkstemp-fix-makefile.patch | 52 ++++++++++++++++++++++
 media-gfx/jhead/jhead-3.06.0.1.ebuild | 24 ++++++++++
 3 files changed, 77 insertions(+)
I suppose we should move the fixed ones to a new bug this time, so the two unfixed bugs aren't moved to a *third* bug.
(In reply to John Helmert III from comment #4)
> I suppose we should move the fixed ones to a new bug this time, so the two
> unfixed bugs aren't moved to a *third* bug.

Well, I said that then did the opposite. Whoops.
GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=076fd7121bedf4e031ffbdb82f78d30568739b09

commit 076fd7121bedf4e031ffbdb82f78d30568739b09
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:12:23 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:15 +0000

    [ GLSA 202210-17 ] JHead: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/730746
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-17.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
It seems a GLSA was issued here before stabilization. Was this intentional? On stable systems users will get a glsa warning without an upgrade path.
(In reply to Hanno Böck from comment #8)
> It seems a GLSA was issued here before stabilization. Was this intentional?
>
> On stable systems users will get a glsa warning without an upgrade path.

No! This was definitely done in error. I'll stablereq now, and I apologize for the oversight.
Stabilization done, all done!