Package: jhead
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for jhead.

CVE-2008-4641[0]:
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
| earlier allows attackers to execute arbitrary commands via shell
| metacharacters in unspecified input.

CVE-2008-4640[1]:
| The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and
| earlier allows local users to delete arbitrary files via vectors
| involving a modified input filename in which (1) a final "z" character
| is replaced by a "t" character or (2) a final "t" character is
| replaced by a "z" character.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4641
    http://security-tracker.debian.net/tracker/CVE-2008-4641
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4640
    http://security-tracker.debian.net/tracker/CVE-2008-4640

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
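
Added example, not part of the original report and not jhead's code or its fix: one defensive way to place a file name into a command string that a shell will parse, the bug class CVE-2008-4641 describes. The `%f` placeholder, the function names and the sample file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst wrapped in single quotes; a ' inside src becomes '\''
   so the shell treats every byte literally. 0 on success, -1 if too long. */
static int append_quoted(char *dst, size_t cap, size_t *len, const char *src)
{
    size_t n = *len;
    if (n + 1 >= cap) return -1;
    dst[n++] = '\'';
    for (; *src; src++) {
        if (*src == '\'') {
            if (n + 4 >= cap) return -1;
            memcpy(dst + n, "'\\''", 4);
            n += 4;
        } else {
            if (n + 1 >= cap) return -1;
            dst[n++] = *src;
        }
    }
    if (n + 1 >= cap) return -1;
    dst[n++] = '\'';
    dst[n] = '\0';
    *len = n;
    return 0;
}

/* Expand each "%f" (hypothetical placeholder, written unquoted in tmpl)
   to the quoted file name. On any failure out is emptied and -1 returned. */
int build_command(char *out, size_t cap, const char *tmpl, const char *file)
{
    size_t n = 0;
    if (cap == 0) return -1;
    /* Quoting does not stop option parsing, so refuse a leading '-'. */
    if (file[0] == '\0' || file[0] == '-') { out[0] = '\0'; return -1; }
    while (*tmpl) {
        if (tmpl[0] == '%' && tmpl[1] == 'f') {
            if (append_quoted(out, cap, &n, file) != 0) { out[0] = '\0'; return -1; }
            tmpl += 2;
        } else {
            if (n + 1 >= cap) { out[0] = '\0'; return -1; }
            out[n++] = *tmpl++;
        }
    }
    out[n] = '\0';
    return 0;
}

int main(void) { char c[256]; /* constructed sample file name below */
    return build_command(c, sizeof c, "convert %f out.png", "it's $(date).jpg") || puts(c) < 0; }
```

Where the program controls the whole command line, passing the file name as its own argv element to `execvp` avoids shell parsing altogether and is preferable to quoting.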