Package libImageMagick-devel: Information

    Binary package: libImageMagick-devel
    Version: 6.8.4.10-alt3.M70P.2
    Architecture: i586
    Build time:  Jun 6, 2016, 02:46 PM in the task #165565
    Source package: ImageMagick
    Copied in the task: #165606
    Category: Development/C
    Report package bug
    Gear: https://git.altlinux.org/gears/I/ImageMagick.git?a=tree;hb=47544…
    Download: libImageMagick-devel-6.8.4.10-alt3.M70P.2.i586.rpm
    Build log: https://git.altlinux.org/tasks/165565/build/100/i586/log
    Home page: http://www.imagemagick.org/
    License: OpenSource
    Summary: Header files for ImageMagick app development
    Description: 
    If you want to create applications that will use ImageMagick code or APIs,
you'll need to install these packages as well as ImageMagick.  These additional
packages aren't necessary if you simply want to use ImageMagick, however.
    Maintainer: Anton Farygin
    List of contributors:
    Andrey Cherepanov
    George V. Kouryachy
    Anton Farygin
    Eugeny A. Rostovtsev
    Vladimir Lettiev
    Alexey Tourbin
    Valery Inozemtsev
    qa-robot
    Dmitry V. Levin
    Yuri N. Sedunov
    Stanislav Ievlev
    goldhead

    Last changed

    June 6, 2016 Andrey Cherepanov 6.8.4.10-alt3.M70P.2
    - Apply security patch from Debian:
  Disable support for reading input from a shell command, or writing
  output to a shell command. This was done by the pipe (|) prefix. It
  was possible to perform a command injection as discrived by
  CVE-2016-5118 since it use popen.
    May 18, 2016 Andrey Cherepanov 6.8.4.10-alt3.M70P.1
    - Apply security patches from Debian:
  ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT,
  SHOW, WIN, and PLT are disabled via policy.xml file, since they are
  vulnerable to code injection. This mitigates CVE-2016-3714,
  CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718.
  Since ImageMagick reverts to its internal SVG renderer (which uses
  MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg
  is included. Closes: 823542. In addition, some other actions were
  taken with respect to these vulnerabilities:
  - Drop the PLT/Gnuplot decoder, which was vulnerable to command
  injection.
  - Some sanitization for input filenames in http/https delegates is
  added.
  - Indirect filename are now authorized by policy.
  - Indirect reads with label:@ are prevented.
  - Less secure coders (such as MVG, TEXT, and MSL) require explicit
    reference in the filename (e.g. mvg:my-graph.mvg).
    April 25, 2013 George V. Kouryachy 6.8.4.10-alt2.1
    - Avoid ImageMagick pipe i/o bug
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top