{"id":814611,"url":"http://patchwork.ozlabs.org/api/patches/814611/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20170917091652.18140-1-bernd.kuhls@t-online.de/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170917091652.18140-1-bernd.kuhls@t-online.de>","list_archive_url":null,"date":"2017-09-17T09:16:52","name":"[1/1] package/imagemagick: security bump to version 7.0.7-1","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"006778db587d171b8499296b54b577b6a5aad3f0","submitter":{"id":62613,"url":"http://patchwork.ozlabs.org/api/people/62613/?format=json","name":"Bernd Kuhls","email":"bernd.kuhls@t-online.de"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20170917091652.18140-1-bernd.kuhls@t-online.de/mbox/","series":[{"id":3492,"url":"http://patchwork.ozlabs.org/api/series/3492/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=3492","date":"2017-09-17T09:16:52","name":"[1/1] package/imagemagick: security bump to version 7.0.7-1","version":1,"mbox":"http://patchwork.ozlabs.org/series/3492/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/814611/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/814611/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.136; helo=silver.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=)","Received":["from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xw3S16Y1mz9sPr\n\tfor ;\n\tSun, 17 Sep 2017 19:17:04 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby silver.osuosl.org (Postfix) with ESMTP id EFE2A2DC45;\n\tSun, 17 Sep 2017 09:17:01 +0000 (UTC)","from silver.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id NpehF5KURLp7; Sun, 17 Sep 2017 09:17:01 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby silver.osuosl.org (Postfix) with ESMTP id 03C6030897;\n\tSun, 17 Sep 2017 09:17:01 +0000 (UTC)","from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id 4F4931C2708\n\tfor ;\n\tSun, 17 Sep 2017 09:17:00 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 4870D8A767\n\tfor ;\n\tSun, 17 Sep 2017 09:17:00 +0000 (UTC)","from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id CBFALrP72rve for ;\n\tSun, 17 Sep 2017 09:16:58 +0000 (UTC)","from mailout02.t-online.de (mailout02.t-online.de [194.25.134.17])\n\tby hemlock.osuosl.org (Postfix) with ESMTPS id 795828A766\n\tfor ; Sun, 17 Sep 2017 09:16:58 +0000 (UTC)","from fwd06.aul.t-online.de (fwd06.aul.t-online.de [172.20.26.150])\n\tby mailout02.t-online.de (Postfix) with SMTP id 84A2F41BF5CB\n\tfor ; Sun, 17 Sep 2017 11:16:56 +0200 (CEST)","from fli4l.lan.fli4l\n\t(bLeQrEZZrhr8BMSeq4W2g1O7uuvNEbDIsYjbKpFgy76rq-SPzbzQujuWFxBx+F6QiO@[79.228.1.99])\n\tby fwd06.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted)\n\tesmtp id 1dtVh8-1DDyW80; Sun, 17 Sep 2017 11:16:54 +0200","from mahler.lan.fli4l ([192.168.1.1]:45590 helo=kuhls.lan.fli4l)\n\tby fli4l.lan.fli4l with esmtp (Exim 4.89)\n\t(envelope-from ) id 1dtVh6-000403-WF\n\tfor buildroot@buildroot.org; Sun, 17 Sep 2017 11:16:53 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","From":"Bernd Kuhls ","To":"buildroot@buildroot.org","Date":"Sun, 17 Sep 2017 11:16:52 +0200","Message-Id":"<20170917091652.18140-1-bernd.kuhls@t-online.de>","X-Mailer":"git-send-email 2.11.0","X-ID":"bLeQrEZZrhr8BMSeq4W2g1O7uuvNEbDIsYjbKpFgy76rq-SPzbzQujuWFxBx+F6QiO","X-TOI-MSGID":"a78070ef-36e5-4daf-a1e9-f35919b93b60","Subject":"[Buildroot] [PATCH 1/1] package/imagemagick: security bump to\n\tversion 7.0.7-1","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" "},"content":"Quoting CVE-related issues from\nhttps://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog\n\n2017-07-29 7.0.6-5 Glenn Randers-Pehrson \n * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference\n https://github.com/ImageMagick/ImageMagick/issues/632).\n\n2017-07-24 7.0.6-4 Cristy \n * Fixed numerous memory leaks (reference\n https://github.com/ImageMagick/ImageMagick/issues) including\n https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).\n\n2017-07-23 7.0.6-3 Glenn Randers-Pehrson \n * Fix memory leaks when reading a malformed JNG image:\n https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),\n https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).\n\n2017-07-19 7.0.6-2 Cristy \n * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference\n https://github.com/ImageMagick/ImageMagick/issues/582\n * coders/png.c: fixed NULL dereference when trying to write an empty MNG\n (CVE-2017-11522, reference\n https://github.com/ImageMagick/ImageMagick/issues/586).\n\n2017-06-22 7.0.6-1 Glenn Randers-Pehrson \n * Stop a memory leak in read_user_chunk_callback() (reference\n https://github.com/ImageMagick/ImageMagick/issues/517,\n CVE 2017-11310).\n\nSigned-off-by: Bernd Kuhls \n---\n package/imagemagick/imagemagick.hash | 2 +-\n package/imagemagick/imagemagick.mk | 2 +-\n 2 files changed, 2 insertions(+), 2 deletions(-)","diff":"diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash\nindex d3097f5224..92880a9aec 100644\n--- a/package/imagemagick/imagemagick.hash\n+++ b/package/imagemagick/imagemagick.hash\n@@ -1,2 +1,2 @@\n # Locally computed\n-sha256 3a6b21352ed0eb984bdbd0943471df8605b978b527125921e97e5b404f2bee3a 7.0.6-0.tar.gz\n+sha256 5a45e29509dbb23793a9c8db5c47ef1114c1ee82c9ca60053eaf06b3fc243e2c 7.0.7-1.tar.gz\ndiff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk\nindex 22c29d36a0..9043ce8e5e 100644\n--- a/package/imagemagick/imagemagick.mk\n+++ b/package/imagemagick/imagemagick.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-IMAGEMAGICK_VERSION = 7.0.6-0\n+IMAGEMAGICK_VERSION = 7.0.7-1\n IMAGEMAGICK_SOURCE = $(IMAGEMAGICK_VERSION).tar.gz\n IMAGEMAGICK_SITE = https://github.com/ImageMagick/ImageMagick/archive\n IMAGEMAGICK_LICENSE = Apache-2.0\n","prefixes":["1/1"]}