Graphicsmagick 1.3.32 has been announced on June 15 with several security fixes: https://www.openwall.com/lists/oss-security/2019/06/15/9
Whiteboard: (none) => MGA7TOO, MGA6TOO
Suggested advisory: ======================== The updated packages fix security vulnerabilities. References: https://www.openwall.com/lists/oss-security/2019/06/15/9 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.32-1.mga6 lib(64)graphicsmagick3-1.3.32-1.mga6 lib(64)graphicsmagick++12-1.3.32-1.mga6 lib(64)graphicsmagickwand2-1.3.32-1.mga6 lib(64)graphicsmagick-devel-1.3.32-1.mga6 perl-Graphics-Magick-1.3.32-1.mga6 graphicsmagick-doc-1.3.32-1.mga6 from SRPMS: graphicsmagick-1.3.32-1.mga6.src.rpm
CC: (none) => nicolas.salgueroWhiteboard: MGA7TOO, MGA6TOO => (none)Version: Cauldron => 6Status: NEW => ASSIGNEDSource RPM: graphicsmagick-1.3.31-6.mga7.src.rpm => graphicsmagick-1.3.31-1.5.mga6.src.rpmAssignee: bugsquad => qa-bugs
mga6, x86_64 Updated the seven packages. Ran a few tests similar to those in a previous test of graphicsmagick. No regressions. $ gm version GraphicsMagick 1.3.32 2019-06-15 Q8 http://www.GraphicsMagick.org/ Copyright (C) 2002-2019 GraphicsMagick Group. [...] LIBS = -llcms2 -lfreetype -lX11 -llzma -lbz2 -lz -lltdl -lm -lpthread Captured an area of the screen using $ gm import bugz.png $ gm display bugz.png That displayed an image of the captured area. $ gm convert -rotate 180 GlenShiel_4.jpg flipped.ppm Image upside down. $ gm convert -rotate 90 workspace.jpg clockwise.png Image turned through 90°. $ cat gmtest.pl #!/bin/env perl # http://www.graphicsmagick.org/perl.html#example-script use Graphics::Magick; my($image, $status); $image = Graphics::Magick->new; $status = $image->Read('frame1.png', 'frame2.png', 'frame3.png', 'frame4.png'); warn "$status" if "$status"; $status = $image->Write('frames.gif'); warn "$status" if "$status"; $ perl gmtest.pl $ ll frames.gif -rw-r--r-- 1 lcl lcl 10120013 Jun 19 18:40 frames.gif $ gm animate frames.gif Continuous loop displaying the four images. $ gm montage loch*.png montage.jpg $ gm display montage.jpg Image shows thumbnails of ten photos in a 6x2 arrangement. $ perl imagestack.pl $ gm identify x.gif x.gif[0] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000001s x.gif[1] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000334s x.gif[2] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000254s x.gif[3] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000157s $ gm animate -delay 50 x.gif Continuous loop animation at 2 frames per second. $ gm mogrify -resize 200% JessicaAlba.ppm Enlarged an image, overwriting the original. $ ./graffiti.pl This produced a new image x.ppm showing a red rectangle on a white background and a modified image xyz.ppm with a red rectangle superimposed. This looks good for 64bits.
Whiteboard: (none) => MGA6-64-OKCC: (none) => tarazed25
Validating this. Advisory almost there.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0194.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
CVE-2019-12921 was fixed in this update: https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html