On 5 May 2016 22:04:13 GMT+02:00, Simon McVittie <s...@debian.org> wrote:
>Package: imagemagick-common
>Version: 8:6.8.9.9-7+b2
>Severity: grave
>Tags: security
>Justification: user security hole
>
>I'm sure you're already aware of
><https://security-tracker.debian.org/tracker/CVE-2016-3714>, the most serious
>of the recent batch of ImageMagick vulnerabilities published at
><https://imagetragick.com/>.
>
>There does not seem to be a full upstream fix yet, but it seems the
>vulnerabilities can be mitigated by altering the policy.xml file in
>imagemagick-common. The cost of this mitigation is that some obscure
>file formats, and some features that perhaps shouldn't have been
>implemented in the first place, are disabled.

I think so. Will try to cook something this weekend. If not (I am just the father of a newborn) feel free to NMU.

>Regards,
> S
>
>-- Package-specific info:
>ImageMagick program version
>---------------------------
>animate: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>compare: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>convert: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>composite: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>conjure: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>display: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>identify: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>import: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>mogrify: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>montage: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>stream: ImageMagick 6.8.9-9 Q16 x86_64 2016-04-08 http://www.imagemagick.org
>
>-- System Information:
>Debian Release: stretch/sid
> APT prefers unstable
>APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
>Architecture: amd64 (x86_64)
>Foreign Architectures: i386
>
>Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
>Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
>Shell: /bin/sh linked to /bin/dash
>Init: systemd (via /run/systemd/system)
>
>Versions of packages imagemagick depends on:
>ii imagemagick-6.q16 8:6.8.9.9-7+b2
>
>imagemagick recommends no packages.
>
>imagemagick suggests no packages.
>
>-- no debconf information

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
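
Added example, not part of the original thread or of the Debian package: a small audit of a policy.xml for the mitigation mentioned in the bug report. It assumes the coder list from the public ImageTragick advisory (EPHEMERAL, URL, HTTPS, MVG, MSL); the function name and sample documents are constructed for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders denied by the policy suggested in the public ImageTragick advisory
# (this list comes from that advisory, not from the message above).
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")


def unblocked_coders(policy_xml, coders=RISKY_CODERS):
    """Return the coders that policy_xml does not clearly deny.

    Assumption (conservative): a coder is blocked only if a matching coder
    policy has rights="none" and no matching coder policy grants a right.
    """
    root = ET.fromstring(policy_xml)  # XML comments are ignored by the parser
    missing = []
    for coder in coders:
        denied = granted = False
        for p in root.iter("policy"):
            if p.get("domain", "").lower() != "coder":
                continue
            # Policy patterns are globs; fnmatch is used as an approximation.
            if not fnmatch.fnmatchcase(coder, p.get("pattern", "").upper()):
                continue
            if p.get("rights", "").strip().lower() == "none":
                denied = True
            else:
                granted = True
        if granted or not denied:
            missing.append(coder)
    return missing


# Constructed sample: every risky coder denied.
MITIGATED = "<policymap>%s</policymap>" % "".join(
    '<policy domain="coder" rights="none" pattern="%s" />' % c
    for c in RISKY_CODERS)

# Constructed sample: one rule too permissive, one left commented out.
PARTIAL = """<policymap>
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="read" pattern="MSL" />
  <!-- <policy domain="coder" rights="none" pattern="URL" /> -->
</policymap>"""

if __name__ == "__main__":
    for name, doc in (("mitigated", MITIGATED), ("partial", PARTIAL)):
        print(name, "-> not blocked:", unblocked_coders(doc) or "none")
```

Pass the contents of the installed policy.xml to `unblocked_coders` to see which of the listed coders are still usable on a given host.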