Created attachment 175206 [details] Upgrade ImageMagick to 6.9.5-10 Please upgrade ImageMagick. There are some security vulns apparently fixed since the current version, but unfortunately I can't make heads or tails of it, there's no single concise list of such issues that I could find, except this Debian security advisory. https://www.debian.org/security/2016/dsa-3675 More specifically, list of issues fixed in Debian in 6.9.5-{8,9}: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776#10 I also don't know if ImageMagick7 is affected. The patch builds fine in a Poudriere 11.0-RELEASE amd64 jail. Currently testing 10.3 and 9.3. It takes a while since the build is rather large, esp. with X11.
A commit references this bug: Author: feld Date: Wed Oct 12 01:37:49 UTC 2016 New revision: 423817 URL: https://svnweb.freebsd.org/changeset/ports/423817 Log: Document ImageMagick vulnerabilities PR: 213032 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: feld Date: Wed Oct 12 01:41:35 UTC 2016 New revision: 423818 URL: https://svnweb.freebsd.org/changeset/ports/423818 Log: graphics/ImageMagick: Update to 6.9.5-10 This update resolves several security vulnerabilities PR: 213032 MFH: 2016Q4 Changes: head/graphics/ImageMagick/Makefile head/graphics/ImageMagick/distinfo
A commit references this bug: Author: feld Date: Wed Oct 12 01:42:02 UTC 2016 New revision: 423819 URL: https://svnweb.freebsd.org/changeset/ports/423819 Log: MFH: r423818 graphics/ImageMagick: Update to 6.9.5-10 This update resolves several security vulnerabilities PR: 213032 Approved by: ports-secteam (with hat) Changes: _U branches/2016Q4/ branches/2016Q4/graphics/ImageMagick/Makefile branches/2016Q4/graphics/ImageMagick/distinfo