Package ImageMagick: Information
Source package: ImageMagick
Version: 6.8.4.10-alt3.M70C.1
Build time: May 23, 2016, 01:51 PM in the task #164972
Category: Graphics
Report package bugHome page: http://www.imagemagick.org/
License: OpenSource
Summary: An X application for displaying and manipulating images
Description:
ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. This package installs the necessary files to run ImageMagick.
List of rpms provided by this srpm:
ImageMagick (x86_64, i586)
ImageMagick-doc (noarch)
ImageMagick-tools (x86_64, i586)
ImageMagick-tools-debuginfo (x86_64, i586)
libImageMagick (x86_64, i586)
libImageMagick-debuginfo (x86_64, i586)
libImageMagick-devel (x86_64, i586)
perl-Magick (x86_64, i586)
perl-Magick-debuginfo (x86_64, i586)
ImageMagick (x86_64, i586)
ImageMagick-doc (noarch)
ImageMagick-tools (x86_64, i586)
ImageMagick-tools-debuginfo (x86_64, i586)
libImageMagick (x86_64, i586)
libImageMagick-debuginfo (x86_64, i586)
libImageMagick-devel (x86_64, i586)
perl-Magick (x86_64, i586)
perl-Magick-debuginfo (x86_64, i586)
Maintainer: Anton Farygin
List of contributors:
Anton V. Boyarshinov
Andrey Cherepanov
George V. Kouryachy
Anton Farygin
Eugeny A. Rostovtsev
Vladimir Lettiev
Alexey Tourbin
Valery Inozemtsev
qa-robot
Dmitry V. Levin
Yuri N. Sedunov
Stanislav Ievlev
goldhead
Anton V. Boyarshinov
Andrey Cherepanov
George V. Kouryachy
Anton Farygin
Eugeny A. Rostovtsev
Vladimir Lettiev
Alexey Tourbin
Valery Inozemtsev
qa-robot
Dmitry V. Levin
Yuri N. Sedunov
Stanislav Ievlev
goldhead
Last changed
May 23, 2016 Anton V. Boyarshinov 6.8.4.10-alt3.M70C.1
- backport to 7
May 18, 2016 Andrey Cherepanov 6.8.4.10-alt3.M70P.1
- Apply security patches from Debian: ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT are disabled via policy.xml file, since they are vulnerable to code injection. This mitigates CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718. Since ImageMagick reverts to its internal SVG renderer (which uses MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg is included. Closes: 823542. In addition, some other actions were taken with respect to these vulnerabilities: - Drop the PLT/Gnuplot decoder, which was vulnerable to command injection. - Some sanitization for input filenames in http/https delegates is added. - Indirect filename are now authorized by policy. - Indirect reads with label:@ are prevented. - Less secure coders (such as MVG, TEXT, and MSL) require explicit reference in the filename (e.g. mvg:my-graph.mvg).
April 25, 2013 George V. Kouryachy 6.8.4.10-alt2.1
- Avoid ImageMagick pipe i/o bug