I just packaged and uploaded a new upstream version of jhead to
correct a security problem.
Changelog:
* New upstream release
- Closes: #502353 "Security issues fixed in 2.84"
- Fix CVE-2008-4575: "Buffer overflow in the DoCommand function in jhead
before 2.84 might allow context-dependent attackers to cause a denial of
service (crash) via (1) a long -cmd argument and (2) possibly other
unspecified vectors."
* debian/patches/05_jhead.1.dpatch: removed since applied upstream
* debian/patches/10_jhead.1.dpatch: update since not all from
05_jhead.1.dpatch has been included upstream
Just tell me if that is not the correct way to move the package to Lenny.
Thanks
--
Dr. Ludovic Rousseau
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
