Date: Tue, 29 Apr 2008 08:22:28 -0400
From: Mikhail Teterin <mi+kde@aldan.algebra.com>
To: Henrik Brix Andersen <brix@freebsd.org>
Cc: cvs-ports@freebsd.org, Bob Friesenhahn <bfriesen@simple.dallas.tx.us>, cvs-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/graphics/GraphicsMagick Makefile distinfo
Message-ID: <200804290822.29305@aldan>
In-Reply-To: <20080429055949.GA1517@tirith.brixandersen.dk>
References: <200804290052.m3T0q6bB088900@repoman.freebsd.org> <20080429055949.GA1517@tirith.brixandersen.dk>

On Tuesday 29 April 2008, Henrik Brix Andersen wrote:
= >   Update to 1.1.12, which (partially) fixes some potential security
= >   flaws...
=
= The flaws are only partially fixed? Or the update is only partially a
= security update?

My understanding -- from the author's description (CC-ed) -- is that the
flaws are inherent and can not be /fully/ fixed. ImageMagick and
GraphicsMagick both look at the filename for the "special characters" and
extensions. By carefully crafting those, it may be possible to cause them to
launch other executables...

There should be more in the ChangeLog...

	-mi
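
The following is an added example, not part of the original message and not GraphicsMagick code: a pre-flight check a caller can run on an untrusted filename before handing it to either tool. The list of special filename forms (leading `|`, `-`, `@`, a `name:` prefix, a trailing `[...]`) and the extension allow-list are assumptions based on the tools' documented filename syntax, not details taken from this thread.

```python
import os
import re

# Assumptions (not from the thread): filename forms the tools' documentation
# describes as special, plus a constructed allow-list of extensions.
CODER_PREFIX = re.compile(r"^[A-Za-z][A-Za-z0-9]*:")  # "fmt:file" picks a handler by name
SUBIMAGE_SPEC = re.compile(r"\[[^\]]*\]$")           # "file[0]" style suffix
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}


def filename_risks(name):
    """Return the reasons an untrusted filename must not reach the tool as-is."""
    if not name or "\x00" in name:
        return ["empty-or-nul"]
    risks = []
    if name[0] == "|":
        risks.append("pipe-prefix")        # treated as a command pipe, not a file
    if name[0] == "-":
        risks.append("option-or-stdin")    # parsed as an option, or as stdin
    if name[0] == "@":
        risks.append("file-list-prefix")   # read as a list of further filenames
    if CODER_PREFIX.match(name):
        risks.append("coder-prefix")       # overrides format detection
    if SUBIMAGE_SPEC.search(name):
        risks.append("subimage-spec")
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        risks.append("extension-not-allowed")
    return risks


def safe_argument(name, workdir):
    """Return an absolute path for a clean bare filename, else raise ValueError."""
    risks = filename_risks(name)
    if os.path.basename(name) != name:
        risks.append("path-component")     # no directories supplied by the user
    if risks:
        raise ValueError("rejected %r: %s" % (name, ", ".join(risks)))
    # An absolute path cannot begin with any of the special leading characters.
    return os.path.join(os.path.abspath(workdir), name)


if __name__ == "__main__":
    # Constructed sample names, for illustration only.
    for sample in ["holiday.png", "|anything.png", "fmt:photo.png", "photo.png[0]", "-"]:
        print(sample, "->", filename_risks(sample) or "ok")
```
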
