
Where is change log?

Posted: 2012-05-15T10:43:16-07:00
by mrmikel
ImageMagick is used in calibre and it has not been updated in calibre. The developer wants to know if there are security issues which would require this. It trips Secunia PSI 2.0, so I want to be able to tell the developer to update or tell Secunia there is no security issue.

Re: Where is change log?

Posted: 2012-05-15T10:49:09-07:00
by fmw42

Re: Where is change log?

Posted: 2012-05-15T10:51:51-07:00
by mrmikel
Then there are no security issues after 6.5.2-8, which is older than the version that calibre uses?

Re: Where is change log?

Posted: 2012-05-15T11:01:54-07:00
by fmw42
mrmikel wrote: Then there are no security issues after 6.5.2-8, which is older than the version that calibre uses?
That is beyond my understanding. You need to hear back from Magick for further details.

Re: Where is change log?

Posted: 2012-05-15T11:27:55-07:00
by magick
Security issues are tagged in the ChangeLog by CVE #. For example, @ http://www.imagemagick.org/script/changelog.php:

2012-01-30 6.7.5-1 Cristy <quetzlzacatenango@image...>
Prevent overflow when casting short int to size_t when parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the beginning of the IFD itself [CVE-2012-0247].
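
Added example, not part of the original thread or of ImageMagick's own tooling: one way to answer the question above is to list the CVE-tagged ChangeLog entries that are newer than the bundled version. It assumes the header/body layout quoted in the last post; the sample text is constructed, the e-mail address is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout quoted above. Only the 6.7.5-1 entry and its
# CVE come from the thread; the other entries, including their dates, are made up.
SAMPLE_CHANGELOG = """\
2012-02-10 6.7.5-4 Cristy <user@example.invalid>
Constructed entry: documentation update, no security tag.

2012-01-30 6.7.5-1 Cristy <user@example.invalid>
Prevent overflow when casting short int to size_t when parsing a maliciously
crafted image with an IFD whose all IOP tags' value offsets point to the
beginning of the IFD itself [CVE-2012-0247].

2009-05-20 6.5.2-8 Cristy <user@example.invalid>
Constructed entry: build fix, no security tag.
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d+\.\d+\.\d+-\d+)\s")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

def version_key(version):
    """Turn '6.7.5-1' into (6, 7, 5, 1) so versions compare numerically."""
    return tuple(int(part) for part in re.split(r"[.-]", version))

def parse_entries(text):
    """Yield (version, body) for each ChangeLog entry, joining wrapped lines."""
    version, body = None, []
    for line in text.splitlines():
        match = HEADER.match(line)
        if match:
            if version:
                yield version, " ".join(body)
            version, body = match.group(2), []
        elif version and line.strip():
            body.append(line.strip())
    if version:
        yield version, " ".join(body)

def cves_fixed_after(text, installed):
    """Return sorted (version, cve) pairs fixed in releases newer than installed."""
    found = set()
    for version, body in parse_entries(text):
        if version_key(version) > version_key(installed):  # strict: installed has its own fixes
            found.update((version, cve) for cve in CVE.findall(body))
    return sorted(found, key=lambda pair: (version_key(pair[0]), pair[1]))

if __name__ == "__main__":
    for version, cve in cves_fixed_after(SAMPLE_CHANGELOG, "6.5.2-8"):
        print(f"{cve} fixed in {version}")
```

An empty result only means no entry newer than the installed version carries a CVE tag in the text that was parsed.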