Bug 219627 - graphics/ImageMagick7: Upgrade to recent version (v7.0.5-9) - current(v7.0.5-7) is vulnerable
Summary: graphics/ImageMagick7: Upgrade to recent version (v7.0.5-9) - current(v7.0.5-...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Koop Mast
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-29 06:40 UTC by Dani
Modified: 2017-05-31 09:11 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (kwm)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dani 2017-05-29 06:40:20 UTC
The current version 7, avilable for FreeBSD, has multiple vulnerabilities.

See here:
- https://www.cvedetails.com/cve/CVE-2017-9142/
-> Fixed: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a

- https://www.cvedetails.com/cve/CVE-2017-9141/
-> Fixed: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd

So both have been fixed in the current version(v7.0.5-9)
Comment 1 Dani 2017-05-29 06:44:09 UTC
Please also see bug #219497

Also, please update the vuxml-port according to bug #219497, comment #6
Comment 2 commit-hook freebsd_committer 2017-05-29 14:35:21 UTC
A commit references this bug:

Author: kwm
Date: Mon May 29 14:34:22 UTC 2017
New revision: 441987
URL: https://svnweb.freebsd.org/changeset/ports/441987

Log:
  Update ImageMagick to 7.0.5-9.

  PR:		219627

Changes:
  head/graphics/ImageMagick7/Makefile
  head/graphics/ImageMagick7/distinfo
Comment 3 Bernard Spil freebsd_committer 2017-05-30 08:04:13 UTC
Thanks Dani!
Comment 4 commit-hook freebsd_committer 2017-05-31 09:11:18 UTC
A commit references this bug:

Author: kwm
Date: Wed May 31 09:10:34 UTC 2017
New revision: 442145
URL: https://svnweb.freebsd.org/changeset/ports/442145

Log:
  This update contains a shared library bump, but this is not a problem
  since nothing in ports uses IM7 yet.

  MFH: r441080 r441596 r441987

  Update ImageMagick7 to 7.0.5-6.

  PR:		216930

  Update ImageMagick7 to 7.0.5-7.

  Update ImageMagick to 7.0.5-9.

  PR:		219627

  Approved by:	ports-secteam@ (feld@)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/graphics/ImageMagick7/Makefile
  branches/2017Q2/graphics/ImageMagick7/distinfo
  branches/2017Q2/graphics/ImageMagick7/pkg-plist
  branches/2017Q2/graphics/ImageMagick7-nox11/Makefile