[ubuntu/focal-security] jhead 1:3.04-1ubuntu0.1 (Accepted)

George-Andrei Iosif andrei.iosif at canonical.com
Tue May 23 06:43:02 UTC 2023


jhead (1:3.04-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow when processing the DQT markers
    - debian/patches/CVE-2020-6624.patch: Adds further DQT verifications in
      jpgqguess.c.
    - CVE-2020-6624
  * SECURITY UPDATE: heap out-of-bounds read when processing longitude tags
    - debian/patches/CVE-2020-6625.patch: Adds further verifications in
      gpsinfo.c.
    - CVE-2020-6625
  * SECURITY UPDATE: heap buffer overflow when reading JPEG sections
    - debian/patches/CVE-2020-26208.patch: Allocates additional 20 bytes in
      jpgfile.c.
    - CVE-2020-26208
  * SECURITY UPDATE: heap out-of-bounds read when processing Canon images
    - debian/patches/CVE-2021-28276_28278.patch: Adds further verifications in
      makernote.c.
    - CVE-2021-28276
  * SECURITY UPDATE: heap buffer overflow when removing a certain type of
    section
    - debian/patches/CVE-2021-28276_28278.patch: Adds further verifications
      while processing nested EXIF directories in exif.c.
    - CVE-2021-28278

Date: 2023-05-18 08:43:07.668617+00:00
Changed-By: George-Andrei Iosif <andrei.iosif at canonical.com>
https://launchpad.net/ubuntu/+source/jhead/1:3.04-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list