[ubuntu/xenial-security] imagemagick 8:6.8.9.9-7ubuntu5.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jun 2 12:53:16 UTC 2016


imagemagick (8:6.8.9.9-7ubuntu5.1) xenial-security; urgency=medium

  * SECURITY UPDATE: ImageTragick remote code execution
    - d/p/0076-Disable-EPHEMERAL-URL-HTTPS-MVG-MSL-TEXT-SHOW-WIN-and-PLT-coders.patch
    - d/p/0077-Remove-PLT-Gnuplot-decoder.patch
    - d/p/0078-Sanitize-input-filename-for-http-and-https-delegates.patch
    - d/p/0079-Indirect-filename-must-be-authorized-by-policy.patch
    - d/p/0080-Prevent-indirect-reads-with-label-at.patch
    - d/p/0081-Less-secure-coders-require-explicit-reference.patch
    - debian/rules: build with --with-rsvg.
    - CVE-2016-3714
    - CVE-2016-3715
    - CVE-2016-3716
    - CVE-2016-3717
    - CVE-2016-3718
  * SECURITY UPDATE: popen() shell vulnerability
    - d/p/0082-Disable-MAGICKCORE_HAVE_POPEN.patch
    - CVE-2016-5118

Date: 2016-06-01 18:53:13.181481+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list