2.84 released:
http://www.sentex.net/~mwandel/jhead/
http://www.sentex.net/~mwandel/jhead/changes.txt
Marking public.
** Visibility changed to: Public
** Summary changed:
- jhead static string for -cmd too small
+ jhead: multiple security vulnerabilities
--
jhead: multiple security vulnerabil
As bug has security implications and upstream has not been contacted
yet, I have unsubscribed ubuntu-bugs, subscribed ubuntu-security and
jdong. John will contact upstream. Please make public when appropriate.
Thanks for your work on this!
** Visibility changed to: Private
** This bug has been fl
I'd also like to point out that from a simple glance at jhead.c there
are plenty of other security issues present, including unsafe temp file
creation, other routines calling DoCommand, more unchecked buffers,
shell escapes, unsafe buffer sized strcat's in ModifyDescriptComment,
and so on. This who
Using an extremely long -cmd leads to stack protector being tripped. The
ExecString and TempName should probably be dynamically allocated based
on the strlen of the command.
---
*** stack smashing detected ***: jhead terminated
=== Backtrace: =
/lib/tls/i686/cmov/libc.so.6(__fortify_
** Changed in: jhead (Ubuntu)
Sourcepackagename: None => jhead
** Tags added: bitesize
--
jhead static string for -cmd too small
https://bugs.launchpad.net/bugs/271020
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mail
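The report above suggests sizing ExecString from the length of the command instead of using a fixed stack array. The following added example shows that approach; it is not code from jhead or from the attached patch. The function name build_exec_string and the "&i" file-name placeholder are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not jhead's code): expand every "&i" in tmpl to
 * file_name. Returns a malloc'd string the caller must free, or NULL on
 * allocation failure or size overflow. */
char *build_exec_string(const char *tmpl, const char *file_name)
{
    size_t name_len = strlen(file_name);
    size_t need = 1;                      /* terminating NUL */
    const char *p;

    /* Pass 1: measure the expanded command before allocating anything. */
    for (p = tmpl; *p; ) {
        size_t add = 1, step = 1;
        if (p[0] == '&' && p[1] == 'i') { add = name_len; step = 2; }
        if (add > (size_t)-1 - need) return NULL;   /* size_t overflow */
        need += add;
        p += step;
    }

    char *out = malloc(need);
    if (out == NULL) return NULL;

    /* Pass 2: copy, writing exactly the bytes counted in pass 1. */
    char *w = out;
    for (p = tmpl; *p; ) {
        if (p[0] == '&' && p[1] == 'i') {
            memcpy(w, file_name, name_len);
            w += name_len;
            p += 2;
        } else {
            *w++ = *p++;
        }
    }
    *w = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample input. */
    char *cmd = build_exec_string("echo &i", "photo.jpg");
    if (cmd == NULL) return 1;
    printf("%s (%zu bytes)\n", cmd, strlen(cmd));
    free(cmd);
    return 0;
}
```

This addresses only the buffer sizing. The file name is still copied into the command unquoted, so the shell escape concern raised elsewhere in this thread needs separate handling.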
** Attachment added: "patch"
http://launchpadlibrarian.net/17663279/patch