Bug 213032

Summary: graphics/ImageMagick: Upgrade to 6.9.5-10 (security fixes)
Product: Ports & Packages Reporter: VK <vlad-fbsd>
Component: Individual Port(s)Assignee: Mark Felder <feld>
Status: Closed FIXED    
Severity: Affects Some People CC: feld, ports-secteam
Priority: --- Keywords: patch, security
Version: LatestFlags: bugzilla: maintainer-feedback? (kwm)
vlad-fbsd: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776#10
Attachments:
Description Flags
Upgrade ImageMagick to 6.9.5-10 none

Description VK freebsd_triage 2016-09-27 21:15:25 UTC 
Created attachment 175206 [details]
Upgrade ImageMagick to 6.9.5-10

Please upgrade ImageMagick. There are some security vulns apparently fixed since the current version, but unfortunately I can't make heads or tails of it, there's no single concise list of such issues that I could find, except this Debian security advisory.

https://www.debian.org/security/2016/dsa-3675

More specifically, list of issues fixed in Debian in 6.9.5-{8,9}:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776#10

I also don't know if ImageMagick7 is affected.

The patch builds fine in a Poudriere 11.0-RELEASE amd64 jail. Currently testing 10.3 and 9.3. It takes a while since the build is rather large, esp. with X11.
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-10-12 01:37:54 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:37:49 UTC 2016
New revision: 423817
URL: https://svnweb.freebsd.org/changeset/ports/423817

Log:
  Document ImageMagick vulnerabilities

  PR:		213032

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-10-12 01:41:57 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:41:35 UTC 2016
New revision: 423818
URL: https://svnweb.freebsd.org/changeset/ports/423818

Log:
  graphics/ImageMagick: Update to 6.9.5-10

  This update resolves several security vulnerabilities

  PR:		213032
  MFH:		2016Q4

Changes:
  head/graphics/ImageMagick/Makefile
  head/graphics/ImageMagick/distinfo
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-10-12 01:42:58 UTC 
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:42:02 UTC 2016
New revision: 423819
URL: https://svnweb.freebsd.org/changeset/ports/423819

Log:
  MFH: r423818

  graphics/ImageMagick: Update to 6.9.5-10

  This update resolves several security vulnerabilities

  PR:		213032

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/graphics/ImageMagick/Makefile
  branches/2016Q4/graphics/ImageMagick/distinfo