From: Steven Hartland
To: freebsd-ports@freebsd.org
Subject: Re: graphics/ImageMagick vulnerability status?
Date: Tue, 10 May 2016 15:23:45 +0100
Message-ID: <8d07287d-481b-252c-a81c-4f80ff25d5b7@multiplay.co.uk>
In-Reply-To: <932CD389-9999-40FB-8406-2F0A28ABDA70@lassitu.de>
List-Id: Porting software to FreeBSD

Really doesn't help that they keep revising the fix, 3 releases in 6 days, latest version actually being 6.9.4-1 :(

On 10/05/2016 15:09, Stefan Bethke wrote:
> Hey,
>
> according to https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588, a release 6.9.4-0 should be out that improves the situation significantly. It appears that graphics/ImageMagick is at 6.9.3. It would be nice if people who follow ImageMagick more closely than me could speak to the security status of the current port, updates planned, and/or additional mitigation recommended. Heise News is reporting that exploits have been posted and are seen in the wild.
>
>
> Thanks,
> Stefan
>