Bug 213032 - graphics/ImageMagick: Upgrade to 6.9.5-10 (security fixes)
Summary: graphics/ImageMagick: Upgrade to 6.9.5-10 (security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Mark Felder
URL: https://bugs.debian.org/cgi-bin/bugre...
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2016-09-27 21:15 UTC by VK
Modified: 2016-10-12 01:42 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (kwm)
vlad-fbsd: merge-quarterly?


Attachments
Upgrade ImageMagick to 6.9.5-10 (1.01 KB, patch)
2016-09-27 21:15 UTC, VK
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2016-09-27 21:15:25 UTC
Created attachment 175206 [details]
Upgrade ImageMagick to 6.9.5-10

Please upgrade ImageMagick. There are some security vulns apparently fixed since the current version, but unfortunately I can't make heads or tails of it, there's no single concise list of such issues that I could find, except this Debian security advisory.

https://www.debian.org/security/2016/dsa-3675

More specifically, list of issues fixed in Debian in 6.9.5-{8,9}:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776#10

I also don't know if ImageMagick7 is affected.

The patch builds fine in a Poudriere 11.0-RELEASE amd64 jail. Currently testing 10.3 and 9.3. It takes a while since the build is rather large, esp. with X11.
Comment 1 commit-hook freebsd_committer 2016-10-12 01:37:54 UTC
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:37:49 UTC 2016
New revision: 423817
URL: https://svnweb.freebsd.org/changeset/ports/423817

Log:
  Document ImageMagick vulnerabilities

  PR:		213032

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer 2016-10-12 01:41:57 UTC
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:41:35 UTC 2016
New revision: 423818
URL: https://svnweb.freebsd.org/changeset/ports/423818

Log:
  graphics/ImageMagick: Update to 6.9.5-10

  This update resolves several security vulnerabilities

  PR:		213032
  MFH:		2016Q4

Changes:
  head/graphics/ImageMagick/Makefile
  head/graphics/ImageMagick/distinfo
Comment 3 commit-hook freebsd_committer 2016-10-12 01:42:58 UTC
A commit references this bug:

Author: feld
Date: Wed Oct 12 01:42:02 UTC 2016
New revision: 423819
URL: https://svnweb.freebsd.org/changeset/ports/423819

Log:
  MFH: r423818

  graphics/ImageMagick: Update to 6.9.5-10

  This update resolves several security vulnerabilities

  PR:		213032

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/graphics/ImageMagick/Makefile
  branches/2016Q4/graphics/ImageMagick/distinfo