| Message ID | 20230617214256.146701-1-peter@korsgaard.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | package/jhead: security bump to version 3.08 | expand |
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issue: > - CVE-2022-41751: Jhead 3.06.0.1 allows attackers to execute arbitrary OS > commands by placing them in a JPEG filename and then using the > regeneration -rgt50 option. > Update readme.txt hash after a minor tweak of the text: > https://github.com/Matthias-Wandel/jhead/commit/a0eed69daa6ad4b824eb81fb6e3be95de3f783c2 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: >>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: >> Fixes the following security issue: >> - CVE-2022-41751: Jhead 3.06.0.1 allows attackers to execute arbitrary OS >> commands by placing them in a JPEG filename and then using the >> regeneration -rgt50 option. >> Update readme.txt hash after a minor tweak of the text: >> https://github.com/Matthias-Wandel/jhead/commit/a0eed69daa6ad4b824eb81fb6e3be95de3f783c2 >> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > Committed, thanks. Committed to 2023.02.x and 2023.05.x, thanks.
diff --git a/package/jhead/jhead.hash b/package/jhead/jhead.hash index bd9c8560d5..1fe856198d 100644 --- a/package/jhead/jhead.hash +++ b/package/jhead/jhead.hash @@ -1,3 +1,3 @@ # Locally calculated from download (no sig, hash) -sha256 5c5258c3d7a840bf831e22174e4a24cb1de3baf442f7cb73d5ab31b4ae0b0058 jhead-3.06.0.1.tar.gz -sha256 8b709512c737fc0c1e1024800b9a44c54d14ab02132c636a66c3ac66955c3e95 readme.txt +sha256 999a81b489c7b2a7264118f194359ecf4c1b714996a2790ff6d5d2f3940f1e9f jhead-3.08.tar.gz +sha256 b3971a74d00c834bc7f112d8a0027b25663fd1637a21381a3e5df4bd2b614dff readme.txt diff --git a/package/jhead/jhead.mk b/package/jhead/jhead.mk index a206e2fe34..f07739bc21 100644 --- a/package/jhead/jhead.mk +++ b/package/jhead/jhead.mk @@ -4,7 +4,7 @@ # ################################################################################ -JHEAD_VERSION = 3.06.0.1 +JHEAD_VERSION = 3.08 JHEAD_SITE = $(call github,Matthias-Wandel,jhead,$(JHEAD_VERSION)) JHEAD_LICENSE = Public Domain JHEAD_LICENSE_FILES = readme.txt
Fixes the following security issue: - CVE-2022-41751: Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. Update readme.txt hash after a minor tweak of the text: https://github.com/Matthias-Wandel/jhead/commit/a0eed69daa6ad4b824eb81fb6e3be95de3f783c2 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/jhead/jhead.hash | 4 ++-- package/jhead/jhead.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)