219627 – graphics/ImageMagick7: Upgrade to recent version (v7.0.5-9) - current(v7.0.5-7) is vulnerable

Bug 219627 - graphics/ImageMagick7: Upgrade to recent version (v7.0.5-9) - current(v7.0.5-7) is vulnerable

Summary: graphics/ImageMagick7: Upgrade to recent version (v7.0.5-9) - current(v7.0.5-...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Koop Mast

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-05-29 06:40 UTC by Dani I.
Modified:	2017-05-31 09:11 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (kwm)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dani I. 2017-05-29 06:40:20 UTC

The current version 7, avilable for FreeBSD, has multiple vulnerabilities.

See here:
- https://www.cvedetails.com/cve/CVE-2017-9142/
-> Fixed: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a

- https://www.cvedetails.com/cve/CVE-2017-9141/
-> Fixed: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd

So both have been fixed in the current version(v7.0.5-9)

Comment 1 Dani I. 2017-05-29 06:44:09 UTC

Please also see bug #219497

Also, please update the vuxml-port according to bug #219497, comment #6

Comment 2 commit-hook freebsd_committer

2017-05-29 14:35:21 UTC

A commit references this bug:

Author: kwm
Date: Mon May 29 14:34:22 UTC 2017
New revision: 441987
URL: https://svnweb.freebsd.org/changeset/ports/441987

Log:
  Update ImageMagick to 7.0.5-9.

  PR:		219627

Changes:
  head/graphics/ImageMagick7/Makefile
  head/graphics/ImageMagick7/distinfo

Comment 3 Bernard Spil freebsd_committer

2017-05-30 08:04:13 UTC

Thanks Dani!

Comment 4 commit-hook freebsd_committer

2017-05-31 09:11:18 UTC

A commit references this bug:

Author: kwm
Date: Wed May 31 09:10:34 UTC 2017
New revision: 442145
URL: https://svnweb.freebsd.org/changeset/ports/442145

Log:
  This update contains a shared library bump, but this is not a problem
  since nothing in ports uses IM7 yet.

  MFH: r441080 r441596 r441987

  Update ImageMagick7 to 7.0.5-6.

  PR:		216930

  Update ImageMagick7 to 7.0.5-7.

  Update ImageMagick to 7.0.5-9.

  PR:		219627

  Approved by:	ports-secteam@ (feld@)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/graphics/ImageMagick7/Makefile
  branches/2017Q2/graphics/ImageMagick7/distinfo
  branches/2017Q2/graphics/ImageMagick7/pkg-plist
  branches/2017Q2/graphics/ImageMagick7-nox11/Makefile