please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575

To: debian-release@lists.debian.org
Subject: please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575
From: "Ludovic Rousseau" <ludovic.rousseau@gmail.com>
Date: Thu, 16 Oct 2008 22:17:01 +0200
Message-id: <baabf6440810161317k684fd0ech339878e59c15de2f@mail.gmail.com>

I just packaged and uploaded a new upstream version of jhead to
correct a security problem.

Changelog:
   * New upstream release
    - Closes: #502353 "Security issues fixed in 2.84"
    - Fix CVE-2008-4575: "Buffer overflow in the DoCommand function in jhead
    before 2.84 might allow context-dependent attackers to cause a denial of
    service (crash) via (1) a long -cmd argument and (2) possibly other
    unspecified vectors."
   * debian/patches/05_jhead.1.dpatch: removed since applied upstream
   * debian/patches/10_jhead.1.dpatch: update since not all from
     05_jhead.1.dpatch has been included upstream


Just tell me if that is not the correct way to move the package to Lenny.

Thanks

-- 
 Dr. Ludovic Rousseau

Reply to:

Follow-Ups:
- Re: please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575
  - From: Pierre Habouzit <madcoder@debian.org>

Prev by Date: cracklib2 bashism in update-cracklib fixed
Next by Date: Re: Status of gnade in lenny?
Previous by thread: Re: cracklib2 bashism in update-cracklib fixed
Next by thread: Re: please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575
Index(es):
- Date
- Thread