GraphicsMagick 1.3.37 has been released on December 12: http://www.graphicsmagick.org/NEWS.html#december-12-2021 Fedora has issued an advisory for this today (March 26): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2QNG6Z5S5XGO3TXEHLRZPISCIWYIL4OQ/
Updated packages pushed to the build system. Advisory: ======================== Updated graphicsmagick packages fix security vulnerabilities: The graphicsmagick package has been updated to version 1.3.37, fixing several security issues and other bugs. See the upstream NEWS file for details. References: http://www.graphicsmagick.org/NEWS.html#december-12-2021 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.37-1.mga8 libgraphicsmagick3-1.3.37-1.mga8 libgraphicsmagick++12-1.3.37-1.mga8 libgraphicsmagickwand2-1.3.37-1.mga8 libgraphicsmagick-devel-1.3.37-1.mga8 perl-Graphics-Magick-1.3.37-1.mga8 graphicsmagick-doc-1.3.37-1.mga8 from graphicsmagick-1.3.37-1.mga8.src.rpm
Assignee: bugsquad => qa-bugs
i5-2500, Intel graphics, mga8-64 Plasma system. Updated packages, no installation issues. Followed guidance from https://wiki.mageia.org/en/QA_procedure:GraphicsMagick for testing. Issued several commands, no issues noted. This version looks OK to me. But, http://www.graphicsmagick.org/NEWS.html#march-26-2022 indicates that version 1.3.38 was released just today, and contains more security and bug fixes in addition to the ones this update provides. Do we want to go ahead with this one now, or use this opportunity to get the latest one?
CC: (none) => andrewsfarmWhiteboard: (none) => MGA8-64-OK
LOL, that wasn't there when I posted this. We should update it again.
Updated packages pushed to the build system. Advisory: ======================== Updated graphicsmagick packages fix security vulnerabilities: The graphicsmagick package has been updated to version 1.3.38, fixing several security issues and other bugs. See the upstream NEWS file for details. References: http://www.graphicsmagick.org/NEWS.html#march-26-2022 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.38-1.mga8 libgraphicsmagick3-1.3.38-1.mga8 libgraphicsmagick++12-1.3.38-1.mga8 libgraphicsmagickwand2-1.3.38-1.mga8 libgraphicsmagick-devel-1.3.38-1.mga8 perl-Graphics-Magick-1.3.38-1.mga8 graphicsmagick-doc-1.3.38-1.mga8 from graphicsmagick-1.3.38-1.mga8.src.rpm
Whiteboard: MGA8-64-OK => (none)Summary: graphicsmagick 1.3.37 fixes security issues => graphicsmagick 1.3.38 fixes security issues
Waited overnight for the new update to get to my mirror. Updated on the same system as Comment 2. No installation issues. Performed the same operations, on different images this time, with the expected results. This looks OK. Validating. Advisory in Comment 4.
Whiteboard: (none) => MGA8-64-OKCC: (none) => sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0120.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
CVE-2022-1270 was fixed in 1.3.38: https://lists.suse.com/pipermail/sle-security-updates/2022-April/010770.html It was in one of the last commits before the release was tagged: https://sourceforge.net/p/graphicsmagick/code/ci/94f4bcf448ad29d6d8470e444038402d34fbba12/tree/
(In reply to David Walser from comment #7) > CVE-2022-1270 was fixed in 1.3.38: > https://lists.suse.com/pipermail/sle-security-updates/2022-April/010770.html > > It was in one of the last commits before the release was tagged: > https://sourceforge.net/p/graphicsmagick/code/ci/ > 94f4bcf448ad29d6d8470e444038402d34fbba12/tree/ Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RT7EBWFKU35SW2PM3ELHR2KWX4F4JS47/