projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 94bb89a) | patch
package/imagemagick: (security) bump to version 7.0.10-28
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 30 Aug 2020 11:58:13 +0000 (13:58 +0200)
committerArnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Sun, 30 Aug 2020 17:03:43 +0000 (19:03 +0200)
commit8f2fe00f0890d846b52adc19bccaf72842e36d85
treed3eef4c30223de9c0a81f213c998bc0d7259ccdctree
parent94bb89ad578cbab1624af6492b25b74130500c29commit | diff
package/imagemagick: (security) bump to version 7.0.10-28

- Fix CVE-2019-17547: In ImageMagick before 7.0.8-62, TraceBezier in
  MagickCore/draw.c has a use-after-free.
- Fix CVE-2019-18853: ImageMagick before 7.0.9-0 allows remote attackers
  to cause a denial of service because XML_PARSE_HUGE is not properly
  restricted in coders/svg.c, related to SVG and libxml2.
- Update hash of LICENSE file (update in year with
  https://github.com/ImageMagick/ImageMagick/commit/f775a5cf27a95c42bb6d19b50f4869db265fdaa9)
- Update indentation in hash file (two spaces)
- Switch to github helper - it has always been an autogenerated archive.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: use github helper]
package/imagemagick/imagemagick.hash diff | blob | history
package/imagemagick/imagemagick.mk diff | blob | history