Re: please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575

To: Ludovic Rousseau <ludovic.rousseau@gmail.com>
Cc: debian-release@lists.debian.org
Subject: Re: please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575
From: Pierre Habouzit <madcoder@debian.org>
Date: Sat, 18 Oct 2008 18:27:10 +0200
Message-id: <20081018162710.GJ4803@artemis>
Mail-followup-to: Ludovic Rousseau <ludovic.rousseau@gmail.com>, debian-release@lists.debian.org
In-reply-to: <baabf6440810161317k684fd0ech339878e59c15de2f@mail.gmail.com>
References: <baabf6440810161317k684fd0ech339878e59c15de2f@mail.gmail.com>

On Thu, Oct 16, 2008 at 08:17:01PM +0000, Ludovic Rousseau wrote:
> I just packaged and uploaded a new upstream version of jhead to
> correct a security problem.
> 
> Changelog:
>    * New upstream release
>     - Closes: #502353 "Security issues fixed in 2.84"
>     - Fix CVE-2008-4575: "Buffer overflow in the DoCommand function in jhead
>     before 2.84 might allow context-dependent attackers to cause a denial of
>     service (crash) via (1) a long -cmd argument and (2) possibly other
>     unspecified vectors."
>    * debian/patches/05_jhead.1.dpatch: removed since applied upstream
>    * debian/patches/10_jhead.1.dpatch: update since not all from
>      05_jhead.1.dpatch has been included upstream

Luk unblocked it.
-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgpoiEjyOux7w.pgp
Description: PGP signature

Reply to:

References:
- please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575
  - From: "Ludovic Rousseau" <ludovic.rousseau@gmail.com>

Prev by Date: Re: Please unblock jta_2.6+dfsg-1.1
Next by Date: Re: cracklib2 bashism in update-cracklib fixed
Previous by thread: please unblock jhead 2.84. RC bug 502353 , Fix CVE-2008-4575
Next by thread: please unblock ruby1.9/1.9.0.2-8
Index(es):
- Date
- Thread