[ubuntu/trusty-security] imagemagick 8:6.7.7.10-6ubuntu3.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jun 2 12:53:13 UTC 2016


imagemagick (8:6.7.7.10-6ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: ImageTragick remote code execution
    - d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
    - d/p/0077-Remove-PLT-Gnuplot-decoder.patch
    - d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
    - d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
    - d/p/0080-Prevent-indirect-reads-with-label-at.patch
    - d/p/0081-Less-secure-coders-require-explicit-reference.patch
    - CVE-2016-3714
    - CVE-2016-3715
    - CVE-2016-3716
    - CVE-2016-3717
    - CVE-2016-3718
  * SECURITY UPDATE: popen() shell vulnerability
    - d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
    - CVE-2016-5118

Date: 2016-06-01 18:04:13.438779+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-6ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list