Package ImageMagick-tools: Information
Binary package: ImageMagick-tools
Version: 6.8.4.10-alt3.M70P.2
Architecture: i586
Built: June 6, 2016, 14:46 in task #165565
Source package: ImageMagick
Category: Graphics
Home page: http://www.imagemagick.org/
License: OpenSource
Summary: Command-line utilities from ImageMagick
Description:
ImageMagick is a powerful tool for viewing, editing, and converting images in various formats. This package installs the files needed to run the ImageMagick utilities.
Maintainer: Anton Farygin
Contributors:
Andrey Cherepanov
George V. Kouryachy
Anton Farygin
Eugeny A. Rostovtsev
Vladimir Lettiev
Alexey Tourbin
Valery Inozemtsev
qa-robot
Dmitry V. Levin
Yuri N. Sedunov
Stanislav Ievlev
goldhead
Latest changes
June 6, 2016 Andrey Cherepanov 6.8.4.10-alt3.M70P.2
- Apply security patch from Debian: Disable support for reading input from a shell command, or writing output to a shell command. This was done by the pipe (|) prefix. It was possible to perform a command injection as described by CVE-2016-5118 since it uses popen.
May 18, 2016 Andrey Cherepanov 6.8.4.10-alt3.M70P.1
- Apply security patches from Debian: ImageTragick: The coders EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT are disabled via policy.xml file, since they are vulnerable to code injection. This mitigates CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, and CVE-2016-3718. Since ImageMagick reverts to its internal SVG renderer (which uses MVG coder) if Inkscape or RSVG is not used, the option --with-rsvg is included. Closes: 823542. In addition, some other actions were taken with respect to these vulnerabilities:
  - Drop the PLT/Gnuplot decoder, which was vulnerable to command injection.
  - Some sanitization for input filenames in http/https delegates is added.
  - Indirect filenames are now authorized by policy.
  - Indirect reads with label:@ are prevented.
  - Less secure coders (such as MVG, TEXT, and MSL) require explicit reference in the filename (e.g. mvg:my-graph.mvg).
April 25, 2013 George V. Kouryachy 6.8.4.10-alt2.1
- Avoid ImageMagick pipe i/o bug