238199 – graphics/ImageMagick7: Update to 7.0.8-47 (Fixes many vulnerabilities)

Bug 238199 - graphics/ImageMagick7: Update to 7.0.8-47 (Fixes many vulnerabilities)

Summary: graphics/ImageMagick7: Update to 7.0.8-47 (Fixes many vulnerabilities)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	amd64 Any

Importance:	Normal Affects Many People
Assignee:	Koop Mast

URL:	https://www.cvedetails.com/vulnerabil...
Keywords:	needs-patch, security

Depends on:
Blocks:

Reported:	2019-05-29 01:03 UTC by Tommy P
Modified:	2019-05-30 14:21 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (kwm) koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tommy P 2019-05-29 01:03:51 UTC

Please update to 7.0.8-47.  There are about 13 vulnerabilities between 7.0.8-22 up to pre 7.0.8-47 per:

https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html

Thank you.

Comment 1 Koop Mast freebsd_committer

2019-05-30 09:07:34 UTC

Working on updating

Comment 2 commit-hook freebsd_committer

2019-05-30 10:58:56 UTC

A commit references this bug:

Author: kwm
Date: Thu May 30 10:58:17 UTC 2019
New revision: 503063
URL: https://svnweb.freebsd.org/changeset/ports/503063

Log:
  Document ImageMagick issues.

  PR:		238199
  Reported by:	Tommy P <tommyhp2@gmail.com>
  Security:	CVE-2019-7175, CVE-2019-7395, CVE-2019-7396, CVE-2019-7397,
  		CVE-2019-7398, CVE-2019-9956, CVE-2019-10131, CVE-2019-10649,
  		CVE-2019-10650, CVE-2019-10714, CVE-2019-11470, CVE-2019-11472,
  		CVE-2019-11597, CVE-2019-11598

Changes:
  head/security/vuxml/vuln.xml

Comment 3 commit-hook freebsd_committer

2019-05-30 11:01:00 UTC

A commit references this bug:

Author: kwm
Date: Thu May 30 11:00:26 UTC 2019
New revision: 503064
URL: https://svnweb.freebsd.org/changeset/ports/503064

Log:
  Update Imagemagick6 to 6.9.10.47.

  PR:		238199
  Reported by:	Tommy P <tommyhp2@gmail.com>
  MFH:		2019Q2
  Security:	183d700e-ec70-487e-a9c4-632324afa934

Changes:
  head/graphics/ImageMagick6/Makefile
  head/graphics/ImageMagick6/distinfo
  head/graphics/ImageMagick6/pkg-plist

Comment 4 commit-hook freebsd_committer

2019-05-30 11:02:03 UTC

A commit references this bug:

Author: kwm
Date: Thu May 30 11:01:12 UTC 2019
New revision: 503065
URL: https://svnweb.freebsd.org/changeset/ports/503065

Log:
  Update ImageMagick7 to 7.0.8.47.

  PR:		238199
  Reported by:	Tommy P <tommyhp2@gmail.com>
  MFH:		2019Q2
  Security:	183d700e-ec70-487e-a9c4-632324afa934

Changes:
  head/graphics/ImageMagick7/Makefile
  head/graphics/ImageMagick7/distinfo
  head/graphics/ImageMagick7/pkg-plist

Comment 5 commit-hook freebsd_committer

2019-05-30 14:19:37 UTC

A commit references this bug:

Author: kwm
Date: Thu May 30 14:19:26 UTC 2019
New revision: 503069
URL: https://svnweb.freebsd.org/changeset/ports/503069

Log:
  MFH: r503064

  Update Imagemagick6 to 6.9.10.47.

  PR:		238199
  Reported by:	Tommy P <tommyhp2@gmail.com>
  Security:	183d700e-ec70-487e-a9c4-632324afa934

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2019Q2/
  branches/2019Q2/graphics/ImageMagick6/Makefile
  branches/2019Q2/graphics/ImageMagick6/distinfo
  branches/2019Q2/graphics/ImageMagick6/pkg-plist

Comment 6 commit-hook freebsd_committer

2019-05-30 14:20:40 UTC

A commit references this bug:

Author: kwm
Date: Thu May 30 14:20:06 UTC 2019
New revision: 503070
URL: https://svnweb.freebsd.org/changeset/ports/503070

Log:
  MFH: r503065

  Update ImageMagick7 to 7.0.8.47.

  PR:		238199
  Reported by:	Tommy P <tommyhp2@gmail.com>
  Security:	183d700e-ec70-487e-a9c4-632324afa934

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2019Q2/
  branches/2019Q2/graphics/ImageMagick7/Makefile
  branches/2019Q2/graphics/ImageMagick7/distinfo
  branches/2019Q2/graphics/ImageMagick7/pkg-plist

Comment 7 Koop Mast freebsd_committer

2019-05-30 14:21:40 UTC

Fixed, thanks for the headup. It is really hard sometimes to know about CVE's in IM. I'm going to bookmark that link you posted, which is handy.