On Mon, Mar 30, 2026 at 4:42 PM Naman Jain via lists.openembedded.org <[email protected]> wrote: > > From: Naman Jain <[email protected]> > > Hi, > > This patch upgrades ImageMagick from 7.1.1-47 to 7.1.2-15 to address multiple > security vulnerabilities. > Do note that there are 50+ open vulnerabilities in current imagemagick > version. It include 5+ CVEs with critical score. It will be very challanging > to > backport all the CVE fixes. > > Reference: > https://lists.openembedded.org/g/openembedded-devel/message/125827?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Acreated%2C%2Cimagemagick%3A+cve%2C20%2C2%2C0%2C118574723 > > Along with the version upgrade, relevant upstream oe-core changes between > these versions have been incorporated to maintain alignment and avoid > regressions.
I do not think this version upgrade falls under what is acceptable for a stable branch. Thanks, Anuj
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#125975): https://lists.openembedded.org/g/openembedded-devel/message/125975 Mute This Topic: https://lists.openembedded.org/mt/118575713/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
