| Summary: | graphicsmagick 1.3.38 fixes security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | graphicsmagick-1.3.36-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2022-03-26 17:53:37 CET
Updated packages pushed to the build system. Advisory: ======================== Updated graphicsmagick packages fix security vulnerabilities: The graphicsmagick package has been updated to version 1.3.37, fixing several security issues and other bugs. See the upstream NEWS file for details. References: http://www.graphicsmagick.org/NEWS.html#december-12-2021 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.37-1.mga8 libgraphicsmagick3-1.3.37-1.mga8 libgraphicsmagick++12-1.3.37-1.mga8 libgraphicsmagickwand2-1.3.37-1.mga8 libgraphicsmagick-devel-1.3.37-1.mga8 perl-Graphics-Magick-1.3.37-1.mga8 graphicsmagick-doc-1.3.37-1.mga8 from graphicsmagick-1.3.37-1.mga8.src.rpm Assignee:
bugsquad =>
qa-bugs i5-2500, Intel graphics, mga8-64 Plasma system. Updated packages, no installation issues. Followed guidance from https://wiki.mageia.org/en/QA_procedure:GraphicsMagick for testing. Issued several commands, no issues noted. This version looks OK to me. But, http://www.graphicsmagick.org/NEWS.html#march-26-2022 indicates that version 1.3.38 was released just today, and contains more security and bug fixes in addition to the ones this update provides. Do we want to go ahead with this one now, or use this opportunity to get the latest one? CC:
(none) =>
andrewsfarm LOL, that wasn't there when I posted this. We should update it again. Updated packages pushed to the build system. Advisory: ======================== Updated graphicsmagick packages fix security vulnerabilities: The graphicsmagick package has been updated to version 1.3.38, fixing several security issues and other bugs. See the upstream NEWS file for details. References: http://www.graphicsmagick.org/NEWS.html#march-26-2022 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.38-1.mga8 libgraphicsmagick3-1.3.38-1.mga8 libgraphicsmagick++12-1.3.38-1.mga8 libgraphicsmagickwand2-1.3.38-1.mga8 libgraphicsmagick-devel-1.3.38-1.mga8 perl-Graphics-Magick-1.3.38-1.mga8 graphicsmagick-doc-1.3.38-1.mga8 from graphicsmagick-1.3.38-1.mga8.src.rpm Whiteboard:
MGA8-64-OK =>
(none) Waited overnight for the new update to get to my mirror. Updated on the same system as Comment 2. No installation issues. Performed the same operations, on different images this time, with the expected results. This looks OK. Validating. Advisory in Comment 4. Whiteboard:
(none) =>
MGA8-64-OK
Dave Hodgins
2022-03-28 16:11:40 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0120.html Resolution:
(none) =>
FIXED CVE-2022-1270 was fixed in 1.3.38: https://lists.suse.com/pipermail/sle-security-updates/2022-April/010770.html It was in one of the last commits before the release was tagged: https://sourceforge.net/p/graphicsmagick/code/ci/94f4bcf448ad29d6d8470e444038402d34fbba12/tree/ (In reply to David Walser from comment #7) > CVE-2022-1270 was fixed in 1.3.38: > https://lists.suse.com/pipermail/sle-security-updates/2022-April/010770.html > > It was in one of the last commits before the release was tagged: > https://sourceforge.net/p/graphicsmagick/code/ci/ > 94f4bcf448ad29d6d8470e444038402d34fbba12/tree/ Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RT7EBWFKU35SW2PM3ELHR2KWX4F4JS47/ |