[Bug 2023109] [NEW] Please drop and block jhead

Launchpad Bug Tracker 2023109 at bugs.launchpad.net
Tue Jun 6 20:36:59 UTC 2023


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

Hello, I find the code quality of the jhead package very troubling.
Upstream seems uninterested in fixing grossly negligent code issues:

https://github.com/Matthias-Wandel/jhead/issues/74
https://github.com/Matthias-Wandel/jhead/issues/75

Oftentimes security fixes are of dubious quality:

https://github.com/Matthias-Wandel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062
https://github.com/Matthias-Wandel/jhead/commit/a8e4cc2454ec0d08dc823c8edc20e402f4c856fb#commitcomment-98193945

(FWIW I think the "EDITOR can be malicious" was a silly CVE that
shouldn't have been assigned but the code quality here is still pretty
low.)

Please consider dropping jhead from our devel release and blocking
automatic import from Debian.

Thanks

** Affects: jhead (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Please drop and block jhead
https://bugs.launchpad.net/bugs/2023109
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is subscribed to the bug report.


