Ubuntu
jhead package

Change logs for jhead source package in Focal

  1. Focal (20.04)
  2. Change log 
  • jhead (1:3.04-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow while rotating an image
    - debian/patches/CVE-2021-34055.patch: If a read EXIF section in
      jpgfile.c, then discard it.
    - CVE-2021-34055
  * SECURITY UPDATE: code execution when regenerating the Exif thumbnail
    - debian/patches/CVE-2022-41751.patch: Adds a check in jhead.c for
      dangerous characters in filenames.
    - CVE-2022-41751

 -- George-Andrei Iosif <email address hidden>  Wed, 24 May 2023 14:08:36 +0300
  • jhead (1:3.04-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow when processing the DQT markers
    - debian/patches/CVE-2020-6624.patch: Adds further DQT verifications in
      jpgqguess.c.
    - CVE-2020-6624
  * SECURITY UPDATE: heap out-of-bounds read when processing longitude tags
    - debian/patches/CVE-2020-6625.patch: Adds further verifications in
      gpsinfo.c.
    - CVE-2020-6625
  * SECURITY UPDATE: heap buffer overflow when reading JPEG sections
    - debian/patches/CVE-2020-26208.patch: Allocates additional 20 bytes in
      jpgfile.c.
    - CVE-2020-26208
  * SECURITY UPDATE: heap out-of-bounds read when processing Canon images
    - debian/patches/CVE-2021-28276_28278.patch: Adds further verifications in
      makernote.c.
    - CVE-2021-28276
  * SECURITY UPDATE: heap buffer overflow when removing a certain type of
    section
    - debian/patches/CVE-2021-28276_28278.patch: Adds further verifications
      while processing nested EXIF directories in exif.c.
    - CVE-2021-28278

 -- George-Andrei Iosif <email address hidden>  Wed, 17 May 2023 15:50:56 +0300
  • jhead (1:3.04-1) unstable; urgency=medium

  * New upstream release
  * Fix "CVE-2019-19035" in new upstream (Closes: #944961)
  * d/p/30_spelling: removed, included upstream
  * d/p/29_reproducible: removed, included upstream
  * d/p/28_spelling: removed, included upstream
  * d/p/26_makefile: removed, included upstream
  * d/p/25_makefile: removed, included upstream
  * d/p/27_documentation: removed, included upstream
  * d/p/32_crash_in_gpsinfo: removed, included upstream
  * d/p/33_fix_908176: removed, included upstream
  * d/p/34_buffer_overflow: removed, included upstream
  * d/p/35_fix_alloc_size: removed, fix included upstream
  * d/p/36_CVE-2019-1010301rm: removed, included upstream
  * d/p/37_CVE-2019-1010302rm: removed, included upstream
  * d/control: Standards-Version: 4.2.1 -> 4.3.0. No change needed

 -- Ludovic Rousseau <email address hidden>  Fri, 22 Nov 2019 17:41:30 +0100
  • jhead (1:3.03-3) unstable; urgency=medium

  * rebuild for source only upload

 -- Ludovic Rousseau <email address hidden>  Sat, 03 Aug 2019 14:53:14 +0200