[Pkg-gmagick-im-team] About the security issues affecting imagemagick in Jessie
Hugo Lefeuvre
hle at debian.org
Fri Aug 30 14:03:03 BST 2019
Hi Mike,
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Jessie:
> https://security-tracker.debian.org/tracker/source-package/imagemagick
>
> We decided that a member of the LTS team should take a look at this
> package, although the security impact of still open issues is low. When
> resources are available on our side, one of the LTS team members will
> start working on fixes for those minor security issues, as we think that
> the jessie users would most certainly benefit from a fixed package.
I have recently worked on these issues (in the last two weeks, in fact). :-)
Most of these issues are no-dsa, either very minor from a security point of
view or the patches are too unclear/unstable to be applied currently.
The only recently postponed issue is CVE-2019-13391/CVE-2019-13308. I did not
upload this patch because it is big, not really understandable, and
undocumented. Upstream did not answer my questions yet.
I'd just remove imagemagick from dla-needed and wait some time, until upstream
clarifies this patch. If he doesn't, I'd just mark this no-dsa.
regards,
Hugo
--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gmagick-im-team/attachments/20190830/5f3b8aa3/attachment.sig>
More information about the Pkg-gmagick-im-team
mailing list