Bug 219627

Summary: graphics/ImageMagick7: Upgrade to recent version (v7.0.5-9) - current(v7.0.5-7) is vulnerable
Product: Ports & Packages Reporter: Dani <i.dani>
Component: Individual Port(s)Assignee: Koop Mast <kwm>
Status: Closed FIXED    
Severity: Affects Many People CC: brnrd, i.dani
Priority: --- Flags: bugzilla: maintainer-feedback? (kwm)
Version: Latest   
Hardware: Any   
OS: Any   

Description Dani 2017-05-29 06:40:20 UTC
The current version 7, avilable for FreeBSD, has multiple vulnerabilities.

See here:
- https://www.cvedetails.com/cve/CVE-2017-9142/
-> Fixed: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a

- https://www.cvedetails.com/cve/CVE-2017-9141/
-> Fixed: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd

So both have been fixed in the current version(v7.0.5-9)
Comment 1 Dani 2017-05-29 06:44:09 UTC
Please also see bug #219497

Also, please update the vuxml-port according to bug #219497, comment #6
Comment 2 commit-hook freebsd_committer 2017-05-29 14:35:21 UTC
A commit references this bug:

Author: kwm
Date: Mon May 29 14:34:22 UTC 2017
New revision: 441987
URL: https://svnweb.freebsd.org/changeset/ports/441987

  Update ImageMagick to 7.0.5-9.

  PR:		219627

Comment 3 Bernard Spil freebsd_committer 2017-05-30 08:04:13 UTC
Thanks Dani!
Comment 4 commit-hook freebsd_committer 2017-05-31 09:11:18 UTC
A commit references this bug:

Author: kwm
Date: Wed May 31 09:10:34 UTC 2017
New revision: 442145
URL: https://svnweb.freebsd.org/changeset/ports/442145

  This update contains a shared library bump, but this is not a problem
  since nothing in ports uses IM7 yet.

  MFH: r441080 r441596 r441987

  Update ImageMagick7 to 7.0.5-6.

  PR:		216930

  Update ImageMagick7 to 7.0.5-7.

  Update ImageMagick to 7.0.5-9.

  PR:		219627

  Approved by:	ports-secteam@ (feld@)

_U  branches/2017Q2/