openSUSE has issued an advisory on January 15: https://lists.opensuse.org/opensuse-updates/2020-01/msg00057.html I'm not sure if these are all fixed in 1.3.34 (Bug 26056). If not, Mageia 7 would also be affected.
Whiteboard: (none) => MGA7TOO
Severity: normal => major
Debian-LTS has issued an advisory for this on January 29: https://www.debian.org/lts/security/2020/dla-2084
Cauldron has been updated to version 1.3.35.
Advisory
========

Graphicsmagick has been updated to the latest version to fix several critical security issues.

References
==========
https://lists.opensuse.org/opensuse-updates/2020-01/msg00057.html
https://www.debian.org/lts/security/2020/dla-2084
https://nvd.nist.gov/vuln/detail/CVE-2019-19950
https://nvd.nist.gov/vuln/detail/CVE-2019-19951
https://nvd.nist.gov/vuln/detail/CVE-2019-19953

Files
=====

Uploaded to core/updates_testing

libgraphicsmagickwand2-1.3.35-1.mga7
libgraphicsmagick++12-1.3.35-1.mga7
perl-Graphics-Magick-1.3.35-1.mga7
libgraphicsmagick-devel-1.3.35-1.mga7
libgraphicsmagick3-1.3.35-1.mga7
graphicsmagick-1.3.35-1.mga7
graphicsmagick-doc-1.3.35-1.mga7

from graphicsmagick-1.3.35-1.mga7.src.rpm
Assignee: smelror => qa-bugs
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
On a 64-bit Plasma system:

The following 3 packages are going to be installed:

- graphicsmagick-1.3.35-1.mga7.x86_64
- graphicsmagick-doc-1.3.35-1.mga7.noarch
- lib64graphicsmagick3-1.3.35-1.mga7.x86_64

All packages installed cleanly.

GraphicsMagick is a powerful CLI tool with a multitude of options, far too many to master for testing purposes. However, after looking online, I found a brief, very basic beginner's tutorial at https://www.tecmint.com/graphicsmagick-image-processing-cli-tool-for-linux/. As suggested, I ran the following commands first:

$ gm convert -list formats #check that the expected image formats are supported
$ gm convert -list fonts #check if fonts are available
$ gm convert -list delegates #check if delegates (external programs) are configured as expected
$ gm convert -list colors #check if color definitions may be loaded
$ gm convert -list resources #check that GraphicsMagick is properly identifying the resources of your machine

All were successful. I then displayed a couple of images, and converted a couple of others between formats. Everything worked.

I believe those tests are adequate for QA purposes, so I'm sending this on its way. Verifying. Advisory in Comment 3.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0102.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
This update also fixed CVE-2020-10938: https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html