Bug#825800: graphicsmagick: CVE-2016-5118

2016-09-20 Thread Carsten Leonhardt
László Böszörményi (GCS) writes:
> On Tue, Sep 20, 2016 at 9:56 AM, Stephan Großberndt wrote:
>> Do you think 1.3.25-2 might be the used for a stable update?
> Upgrade to a newer version in stable is not easy and I can remember one, maybe two cases when it was allowed.
> In this case I'm n

Bug#825800: graphicsmagick: CVE-2016-5118

2016-09-20 Thread Bob Friesenhahn
On Tue, 20 Sep 2016, László Böszörményi wrote: Do you think 1.3.25-2 might be the used for a stable update? Upgrade to a newer version in stable is not easy and I can remember one, maybe two cases when it was allowed. In this case I'm not sure it should be the path. 1.3.25 is the "fix" for s

Bug#825800: graphicsmagick: CVE-2016-5118

2016-09-20 Thread GCS
On Tue, Sep 20, 2016 at 9:56 AM, Stephan Großberndt wrote:
> in the meantime it's graphicsmagick 1.3.25-2 on Debian Stretch, but Jessie - which is the current stable release - still has 12 security issues going back to 2015:
Yes, I consider this my fault. The other part is that there are way t

Bug#825800: graphicsmagick: CVE-2016-5118

2016-09-20 Thread Stephan Großberndt
Hi, in the meantime it's graphicsmagick 1.3.25-2 on Debian Stretch, but Jessie - which is the current stable release - still has 12 security issues going back to 2015: CVE-2016-5241 CVE-2016-5240 CVE-2016-5239 CVE-2016-5118 CVE-2016-3718 CVE-2016-3717 CVE-2016-3716 CVE-2016-3715 CVE-2016-3714

Bug#825800: graphicsmagick: CVE-2016-5118

2016-07-05 Thread Bob Friesenhahn
On Tue, 5 Jul 2016, László Böszörményi wrote: I don't think 1.3.24 would be an easy target for Jessie. Maybe apply the first set of patches, release it as a DSA, then add the others, a new DSA... But it's also not the best idea. I include the Security Team to this discussion, what they say about

Bug#825800: graphicsmagick: CVE-2016-5118

2016-07-05 Thread GCS
Hi Carsten,
On Tue, Jul 5, 2016 at 1:13 PM, Carsten Leonhardt wrote:
> maybe it would be possible to use 1.3.24 for a stable update? I think the current situation with the unpatched graphicsmagick in stable is quite unacceptable.
I agree, graphicsmagick needs to be updated as soon as possibl

Bug#825800: graphicsmagick: CVE-2016-5118

2016-07-05 Thread Carsten Leonhardt
Hi László,
maybe it would be possible to use 1.3.24 for a stable update? I think the current situation with the unpatched graphicsmagick in stable is quite unacceptable.
Carsten

Bug#825800: graphicsmagick: CVE-2016-5118 on jessie

2016-06-07 Thread GCS
Hi Stephan,
On Mon, Jun 6, 2016 at 1:43 PM, Stephan Großberndt wrote:
> what is the reason there is no fix for graphicsmagick CVE-2016-5118 on jessie? This is the current stable Debian distribution, wheezy and sid have released fixes but none for jessie?
I don't want to comment on the Wheezy

Bug#825800: graphicsmagick: CVE-2016-5118 on jessie

2016-06-06 Thread Stephan Großberndt
Hi,
what is the reason there is no fix for graphicsmagick CVE-2016-5118 on jessie? This is the current stable Debian distribution, wheezy and sid have released fixes but none for jessie?
https://security-tracker.debian.org/tracker/CVE-2016-5118
Apparently this is also the case for ALL securi

Bug#825800: graphicsmagick: CVE-2016-5118

2016-05-29 Thread Salvatore Bonaccorso
Source: graphicsmagick
Version: 1.3.23-3
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for graphicsmagick.
CVE-2016-5118[0]: popen() shell vulnerability via filename
If you fix the vulnerability please also make sure to include the CVE (Common Vulne