* [Buildroot] [git commit branch/2023.05.x] package/jhead: security bump to version 3.08
From: Peter Korsgaard @ 2023-07-06 10:32 UTC
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=77379306610d4b519a7f483ad91571470b3fd13d
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.05.x

Fixes the following security issue:

- CVE-2022-41751: Jhead 3.06.0.1 allows attackers to execute arbitrary OS
  commands by placing them in a JPEG filename and then using the
  regeneration -rgt50 option.

Update readme.txt hash after a minor tweak of the text:
https://github.com/Matthias-Wandel/jhead/commit/a0eed69daa6ad4b824eb81fb6e3be95de3f783c2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 39ffadd6ae8c472e083c431a957ec575c1cebce2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/jhead/jhead.hash | 4 ++--
 package/jhead/jhead.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/jhead/jhead.hash b/package/jhead/jhead.hash
index bd9c8560d5..1fe856198d 100644
--- a/package/jhead/jhead.hash
+++ b/package/jhead/jhead.hash
@@ -1,3 +1,3 @@
 # Locally calculated from download (no sig, hash)
-sha256  5c5258c3d7a840bf831e22174e4a24cb1de3baf442f7cb73d5ab31b4ae0b0058  jhead-3.06.0.1.tar.gz
-sha256  8b709512c737fc0c1e1024800b9a44c54d14ab02132c636a66c3ac66955c3e95  readme.txt
+sha256  999a81b489c7b2a7264118f194359ecf4c1b714996a2790ff6d5d2f3940f1e9f  jhead-3.08.tar.gz
+sha256  b3971a74d00c834bc7f112d8a0027b25663fd1637a21381a3e5df4bd2b614dff  readme.txt
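
Review bot: the new jhead-3.08.tar.gz entry in jhead.hash still sits under "Locally calculated from download (no sig, hash)", so nothing upstream is available to cross-check the sha256 and it rests on a single fetch of the archive. For a security bump it is worth recomputing the hash from an independent second download before merging. The readme.txt hash change is accounted for by the upstream commit linked in the commit message, which is the explanation a changed license-file hash needs.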
diff --git a/package/jhead/jhead.mk b/package/jhead/jhead.mk
index a206e2fe34..f07739bc21 100644
--- a/package/jhead/jhead.mk
+++ b/package/jhead/jhead.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-JHEAD_VERSION = 3.06.0.1
+JHEAD_VERSION = 3.08
 JHEAD_SITE = $(call github,Matthias-Wandel,jhead,$(JHEAD_VERSION))
 JHEAD_LICENSE = Public Domain
 JHEAD_LICENSE_FILES = readme.txt
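
Review bot: the JHEAD_VERSION change in jhead.mk jumps from 3.06.0.1 straight to 3.08, but the commit message only says that 3.06.0.1 is affected by CVE-2022-41751 and does not say which upstream release or commit carries the fix. Since this is going to the 2023.05.x branch, suggest naming the fixing release or upstream commit in the commit message, plus a short line on what else changed between the two versions, so a reviewer can confirm that 3.08 contains the fix and that the bump brings nothing unexpected to a stable branch.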