Ubuntu
imagemagick package

imagemagick policy.xml typo for EPS files in bionic security update (8:6.9.7.4+dfsg-16ubuntu6.4)

Bug #1797647 reported by Steve Beattie on 2018-10-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	imagemagick (Ubuntu)	Fix Released	Undecided	Steve Beattie

Bug Description

The update for imagemagick in bionic (8:6.9.7.4+dfsg-16ubuntu6.4) covered by https://usn.ubuntu.com/3785-1/ did not correctly block encapsulated postscript (EPS) file types.

CVE References

Steve Beattie (sbeattie) on 2018-10-12

summary:	- imagemagic pociy.xml typo for EPS files in bionic security update + imagemagic policy.xml typo for EPS files in bionic security update (8:6.9.7.4+dfsg-16ubuntu6.4)
summary:	- imagemagic policy.xml typo for EPS files in bionic security update + imagemagick policy.xml typo for EPS files in bionic security update (8:6.9.7.4+dfsg-16ubuntu6.4)
Changed in imagemagick (Ubuntu):
assignee:	nobody → Steve Beattie (sbeattie)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2019-06-25:

This bug was fixed in the package imagemagick - 8:6.9.7.4+dfsg-16ubuntu6.7

---------------
imagemagick (8:6.9.7.4+dfsg-16ubuntu6.7) bionic-security; urgency=medium

  [ Steve Beattie ]
  * SECURITY UPDATE: previous update did not correctly block
    encapsulated postscript (EPS) documents by default (LP: #1797647)
    - debian/patches/200-disable-ghostscript-formats.patch: correctly
      disable EPS files by default in policy.xml

  [ Marc Deslauriers ]
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-*.patch: backport multiple upstream commits.
    - CVE-2017-12805, CVE-2017-12806, CVE-2018-16412, CVE-2018-16413,
      CVE-2018-17965, CVE-2018-17966, CVE-2018-18016, CVE-2018-18024,
      CVE-2018-18025, CVE-2018-18544, CVE-2018-20467, CVE-2019-7175,
      CVE-2019-7395, CVE-2019-7396, CVE-2019-7397, CVE-2019-7398,
      CVE-2019-9956, CVE-2019-10131, CVE-2019-10650, CVE-2019-11470,
      CVE-2019-11472, CVE-2019-11597, CVE-2019-11598
   * debian/tests/rose-*: remove pdf tests.

-- Marc Deslauriers <email address hidden> Thu, 20 Jun 2019 13:38:05 -0400

Changed in imagemagick (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuimagemagick package