ALT repositories
Last updated at Sat, 06 Jun 2020 00:49:50 +0000 | SRPMs: 15384
en ru
SRPMs in branches
hide window
Group :: Graphics
Source RPM: ImageMagick
Current version:
Built: over 4 years ago
Size: 7.98 MB
Repocop status: skip
Home page:

License: OpenSource
Summary: An X application for displaying and manipulating images

ImageMagick is a powerful image display, conversion and manipulation tool.
It runs in an X session. With this tool, you can view, edit and display
a variety of image formats.

This package installs the necessary files to run ImageMagick.

Current maintainer: Anton Farygin

List of contributors:
ACL: List of rpms provided by this srpm:
  • ImageMagick
  • ImageMagick-doc
  • ImageMagick-tools
  • ImageMagick-tools-debuginfo
  • libImageMagick
  • libImageMagick-debuginfo
  • libImageMagick-devel
  • perl-Magick
  • perl-Magick-debuginfo
Recent changes (last three changelog entries):

2016-06-06 Andrey Cherepanov

    - Apply security patch from Debian:
      Disable support for reading input from a shell command, or writing
      output to a shell command. This was done by the pipe (|) prefix. It
      was possible to perform a command injection as discrived by
      CVE-2016-5118 since it use popen.

2016-05-18 Andrey Cherepanov

    - Apply security patches from Debian:
      ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT,
      SHOW, WIN, and PLT are disabled via policy.xml file, since they are
      vulnerable to code injection. This mitigates CVE-2016-3714,
      CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718.
      Since ImageMagick reverts to its internal SVG renderer (which uses
      MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg
      is included. Closes: 823542. In addition, some other actions were
      taken with respect to these vulnerabilities:
      - Drop the PLT/Gnuplot decoder, which was vulnerable to command
      - Some sanitization for input filenames in http/https delegates is
      - Indirect filename are now authorized by policy.
      - Indirect reads with label:@ are prevented.
      - Less secure coders (such as MVG, TEXT, and MSL) require explicit
        reference in the filename (e.g. mvg:my-graph.mvg).

2013-04-25 George V. Kouryachy

    - Avoid ImageMagick pipe i/o bug
The Geyser project is based on code from Prometheus2.0, which had been made available under the MIT License.