* [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.10.51
@ 2020-12-20 22:20 Fabrice Fontaine
2020-12-21 9:47 ` Peter Korsgaard
2020-12-22 10:54 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-12-20 22:20 UTC (permalink / raw)
To: buildroot
- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
7.0.10-40 mishandles the -authenticate option, which allows setting a
password for password-protected PDF files. The user-controlled password
was not properly escaped/sanitized and it was therefore possible to
inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
https://github.com/ImageMagick/ImageMagick/commit/45e5d2493c08e7cb49f7268c01d847e88f78fd6c)
https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/imagemagick/imagemagick.hash | 4 ++--
package/imagemagick/imagemagick.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index 3380378fd7..8a111edb15 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 9f2b8b131222354b196c640fca4e53eb0bbf62246621b9d467f223366272d7a7 imagemagick-7.0.10-28.tar.gz
-sha256 e2d364de83dd9e7c866bd99ee7dac2fe92071fb70e9b187293353fb285cf09ac LICENSE
+sha256 fa993169a06052267eaf81cf85bbf5a30c0bf243511017d986f47abbe65ff262 imagemagick-7.0.10-51.tar.gz
+sha256 7b43ee798e835f5e0dc03c92c52d288b46a771c4561d57ef2a9a8b2c76bf33cb LICENSE
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index d44b7d1d14..f30d3dfc2b 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IMAGEMAGICK_VERSION = 7.0.10-28
+IMAGEMAGICK_VERSION = 7.0.10-51
IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
IMAGEMAGICK_LICENSE = Apache-2.0
IMAGEMAGICK_LICENSE_FILES = LICENSE
--
2.29.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.10.51
2020-12-20 22:20 [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.10.51 Fabrice Fontaine
@ 2020-12-21 9:47 ` Peter Korsgaard
2020-12-22 10:54 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-12-21 9:47 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
> 7.0.10-40 mishandles the -authenticate option, which allows setting a
> password for password-protected PDF files. The user-controlled password
> was not properly escaped/sanitized and it was therefore possible to
> inject additional shell commands via coders/pdf.c.
> - Update license hash (correct wording to match Apache 2 license:
> https://github.com/ImageMagick/ImageMagick/commit/45e5d2493c08e7cb49f7268c01d847e88f78fd6c)
> https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.10.51
2020-12-20 22:20 [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.10.51 Fabrice Fontaine
2020-12-21 9:47 ` Peter Korsgaard
@ 2020-12-22 10:54 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-12-22 10:54 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
> 7.0.10-40 mishandles the -authenticate option, which allows setting a
> password for password-protected PDF files. The user-controlled password
> was not properly escaped/sanitized and it was therefore possible to
> inject additional shell commands via coders/pdf.c.
> - Update license hash (correct wording to match Apache 2 license:
> https://github.com/ImageMagick/ImageMagick/commit/45e5d2493c08e7cb49f7268c01d847e88f78fd6c)
> https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x, 2020.08.x and 2020.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-22 10:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-20 22:20 [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.10.51 Fabrice Fontaine
2020-12-21 9:47 ` Peter Korsgaard
2020-12-22 10:54 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.