Opened 2 years ago
Last modified 2 months ago
#16962 new enhancement
ImageMagick (Update before next release)
Reported by: | Bruce Dubbs | Owned by: | blfs-book |
---|---|---|---|
Priority: | normal | Milestone: | pre-release |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New version.
Change History (9)
comment:1 by , 21 months ago
Owner: | changed from | to
---|
comment:2 by , 21 months ago
Owner: | changed from | to
---|---|
Summary: | ImageMagick-7.1.0-47 (Update before next release) → ImageMagick (Update before next release) |
Updated to 7.1.0-61 in b26ff3c85d3f6abd0a28de2bf38ebc3c63e3abae 11.2-1073
comment:3 by , 16 months ago
I've seen a few mentions of ImageMagick CVEs recently, but it is hard to get a reliable source. Yesterday I found https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html which is not exactly reliable (as with other sites, a mix of IM-6.9 and IM-7.0+), and the item marked there as Critical appears to be invalid (not a default option), working as defined. However, some items are valid for 7.0+. Will raise a ticket.
For the future, ChangeLog is now at https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
comment:5 by , 13 months ago
Milestone: | hold → pre-release |
---|
comment:6 by , 8 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Latest version is now 7.1.1-28 from 11th February.
Changes are listed at the ChangeLog.md link above. There are links to GHSA security advisories for 7.1.1-24 for corrupt DejaVu images and to test if meta channels exceed max, but the links are dead and no advisories are listed after 7.1.1-13.
It appears ImageMagick is now its own CVE Numbering Authority (CNA) - there were commits in 7.1.1-16 to update SECURITY.md.
Nevertheless, Mitre has recorded a few CVEs raised by RedHat, of which one applies to ImageMagick after 7.1.1-15:
CVE-2023-5341 A heap use-after-free flaw was found in coders/bmp.c Medium - fix is in 7.1.1-19
There were some other CVEs raised by RedHat, but no links to commits at ImageMagick, so perhaps disputed.
I'll take a look at 7.1.1-28
comment:7 by , 8 months ago
Updates completed in a series of three commits ending in sha:r12.0-1559-g2864283c1e
comment:8 by , 8 months ago
Owner: | changed from | to
---|---|
Status: | assigned → new |
Security Advisory SA-12.0-099 created.
Current is 7.1.0-61 from Sunday. Changelog at https://github.com/ImageMagick/Website/blob/main/ChangeLog.md - seems to just be bugfixes since 7.1.0-49.