On Thu, Oct 16, 2008 at 08:17:01PM +0000, Ludovic Rousseau wrote: > I just packaged and uploaded a new upstream version of jhead to > correct a security problem. > > Changelog: > * New upstream release > - Closes: #502353 "Security issues fixed in 2.84" > - Fix CVE-2008-4575: "Buffer overflow in the DoCommand function in jhead > before 2.84 might allow context-dependent attackers to cause a denial of > service (crash) via (1) a long -cmd argument and (2) possibly other > unspecified vectors." > * debian/patches/05_jhead.1.dpatch: removed since applied upstream > * debian/patches/10_jhead.1.dpatch: update since not all from > 05_jhead.1.dpatch has been included upstream
Luk unblocked it. -- ·O· Pierre Habouzit ··O [EMAIL PROTECTED] OOO http://www.madism.org
pgpBQtM2LRfxR.pgp
Description: PGP signature
