openSUSE has issued an advisory today (June 30): https://lists.opensuse.org/opensuse-updates/2018-06/msg00149.html At least some of these issues have been fixed since our last update.
Assigning to the registered maintainer.
Assignee: bugsquad => shlomifCC: (none) => marja11
@marja : hi, I disowned imagemagick due to health problems.
(In reply to Shlomi Fish from comment #2) > @marja : hi, I disowned imagemagick due to health problems. Thanks for telling me. I hope your health will greatly improve (which doesn't mean you should then take this package again, you already maintain so many!). Reassigning to all packagers collectively.
Assignee: shlomif => pkg-bugsCC: (none) => geiger.david68210
Debian has issued an advisory on July 14: https://www.debian.org/security/2018/dsa-4245 It also addresses some new issues.
Ubuntu has issued an advisory for this on July 11: https://usn.ubuntu.com/3711-1/
SUSE has issued an advisory for this on July 23: http://lists.suse.com/pipermail/sle-security-updates/2018-July/004300.html
openSUSE has issued an advisory on July 28: https://lists.opensuse.org/opensuse-updates/2018-07/msg00081.html
SUSE has issued an advisory on August 21: http://lists.suse.com/pipermail/sle-security-updates/2018-August/004481.html openSUSE has issued an advisory on August 25: https://lists.opensuse.org/opensuse-updates/2018-08/msg00136.html
SUSE has disabled Ghostscript in ImageMagick as they did with GraphicsMagick, due to issues that have been discussed on oss-security recently (see also Bug 23157 Comment 11): http://lists.suse.com/pipermail/sle-security-updates/2018-August/004508.html
(In reply to David Walser from comment #9) > SUSE has disabled Ghostscript in ImageMagick as they did with > GraphicsMagick, due to issues that have been discussed on oss-security > recently (see also Bug 23157 Comment 11): > http://lists.suse.com/pipermail/sle-security-updates/2018-August/004508.html openSUSE has followed suit: https://lists.opensuse.org/opensuse-updates/2018-09/msg00009.html
Ubuntu has issued an advisory on October 4: https://usn.ubuntu.com/3785-1/
openSUSE has issued advisories on September 24, October 5, and October 11: https://lists.opensuse.org/opensuse-updates/2018-09/msg00135.html https://lists.opensuse.org/opensuse-updates/2018-10/msg00016.html https://lists.opensuse.org/opensuse-updates/2018-10/msg00049.html
Debian has issued an advisory on October 12: https://www.debian.org/security/2018/dsa-4316
openSUSE and SUSE have issued advisories today (October 17): https://lists.opensuse.org/opensuse-updates/2018-10/msg00089.html http://lists.suse.com/pipermail/sle-security-updates/2018-October/004682.html
openSUSE has issued an advisory on October 18: https://lists.opensuse.org/opensuse-updates/2018-10/msg00105.html
openSUSE has issued an advisory on December 8: https://lists.opensuse.org/opensuse-updates/2018-12/msg00039.html
Advisory ======== Imagemagick has been updated to fix several bugs and security issues. References ========== https://legacy.imagemagick.org/script/changelog.php Files ===== Uploaded to core/updates_testing imagemagick-6.9.10.22-1.1.mga6 imagemagick-debuginfo-6.9.10.22-1.1.mga6 imagemagick-desktop-6.9.10.22-1.1.mga6 imagemagick-doc-6.9.10.22-1.1.mga6 lib64magick-6Q16_6-6.9.10.22-1.1.mga6 lib64magick++-6Q16_8-6.9.10.22-1.1.mga6 lib64magick-devel-6.9.10.22-1.1.mga6 perl-Image-Magick-6.9.10.22-1.1.mga6 from imagemagick-6.9.10.22-1.1.mga6.src.rpm
CC: (none) => smelror
Assignee: pkg-bugs => qa-bugs
Packages have not yet reached the math.princeton mirror. Seems like it should have been long enough, but perhaps things were delayed because of the holiday. Will try again later.
CC: (none) => andrewsfarm
Ah. It appears that the math.princeton mirror is broken at the moment. That is unfortunate.
QA Repo did not find imagemagick-debuginfo-6.9.10.22-1.1.mga6 on the distrib-coffee mirror, but did find the rest. On real hardware, Core 2 Duo, Intel graphics, 8GB RAM, 64-bit Plasma system using the desktop kernel. Packages installed cleanly. Loaded a photo of a hot air balloon landing, played with special effects until the image was completely unrecognizable. No issues noted. OK for 64-bit.
Whiteboard: (none) => MGA6-64-OK
The debuginfo packages are in a different repo, but QA doesn't need to worry about those. We packagers shouldn't list them.
Same hardware as Comment 20, 32-bit Xfce install using the server kernel. There were no 32-bit libraries listed in Comment 17, but a little editing of the package list in QA Repo took care of that for this test. Packages installed cleanly. Loaded a different photo, and again played with it until unrecognizable. No issues noted. Looks OK for 32-bit. Validating. Suggested advisory in Comment 17, but the package list should be edited to include the 32-bit packages.
Whiteboard: MGA6-64-OK => MGA6-32-OK MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Don't worry about that. The SVN advisory only has the SRPMS, not the binary packages.
CC: (none) => lewyssmithKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0006.html
Status: NEW => RESOLVEDResolution: (none) => FIXED