[Buildroot] [git commit branch/2019.11.x] package/jhead: security bump to version 3.04
Peter Korsgaard
peter at korsgaard.com
Sun Mar 15 10:22:32 UTC 2020
commit: https://git.buildroot.net/buildroot/commit/?id=6deee238c7cd40c7578fd4e07c7cdcd2676edc08
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2019.11.x
- Fix CVE-2019-1010301: jhead 3.03 is affected by: Buffer Overflow. The
impact is: Denial of service. The component is: gpsinfo.c Line 151
ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG
file.
- Fix CVE-2019-1010302: jhead 3.03 is affected by: Incorrect Access
Control. The impact is: Denial of service. The component is: iptc.c
Line 122 show_IPTC(). The attack vector is: the victim must open a
specially crafted JPEG file.
- Fix CVE-2019-19035: jhead 3.03 is affected by: heap-based buffer
over-read. The impact is: Denial of service. The component is:
ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is:
Open a specially crafted JPEG file.
- Update indentation of hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit faf755b4913969f768205caf4eadba55c7ce2f44)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/jhead/jhead.hash | 4 ++--
package/jhead/jhead.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/jhead/jhead.hash b/package/jhead/jhead.hash
index 9ee5055f7c..ffe75381b3 100644
--- a/package/jhead/jhead.hash
+++ b/package/jhead/jhead.hash
@@ -1,3 +1,3 @@
# Locally calculated from download (no sig, hash)
-sha256 82194e0128d9141038f82fadcb5845391ca3021d61bc00815078601619f6c0c2 jhead-3.03.tar.gz
-sha256 46c870a208305489eea862ec8b05b030ba1f06d99195f660dc0ba541cc38d82b readme.txt
+sha256 ef89bbcf4f6c25ed88088cf242a47a6aedfff4f08cc7dc205bf3e2c0f10a03c9 jhead-3.04.tar.gz
+sha256 46c870a208305489eea862ec8b05b030ba1f06d99195f660dc0ba541cc38d82b readme.txt
diff --git a/package/jhead/jhead.mk b/package/jhead/jhead.mk
index 65f8cdb73c..d56ee0daff 100644
--- a/package/jhead/jhead.mk
+++ b/package/jhead/jhead.mk
@@ -4,7 +4,7 @@
#
################################################################################
-JHEAD_VERSION = 3.03
+JHEAD_VERSION = 3.04
JHEAD_SITE = http://www.sentex.net/~mwandel/jhead
JHEAD_LICENSE = Public Domain
JHEAD_LICENSE_FILES = readme.txt
More information about the buildroot
mailing list