Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Vulnerability Roundup 21 #22549
Note: The list of people CC'd on this issue participated in the last
Permanent CC's: @joepie91, @phanimahesh, @the-kenny, @7c6f434c, @k0001
Notes on the list
Upon Completion ...
Without further ado...
Assorted (27 issues)
GraphicsMagick (2 issues)
kernel (3 issues)
libtiff (2 issues)
rtmpdump (2 issues)
@grahamc, we have another issue.
For emacs, if we simply only build the proper gtk UI, we should be fine and get rid of xwidgets.
I don't know about the others though.
The graphicsmagick CVEs are weird. They seem to rather apply to imagemagick. As OpenSUSE is generally lagging behind on security updates a bit compared to other distros and graphicsmagick has a revamped codebase, I don't think all those issues also apply to graphicsmagick and OpenSUSE made some kind of error here. In the Debian security tracker those CVEs were assigned to imagemagick and not to graphicsmagick.
What a treat to wake up to!
@peterhoeg if we drop xwidgets, will that break emacs on darwin? ( @LnL7, @copumpkin ) After 17.03 releases, we should be in much closer shape to drop 24. I don't know that there is anything we can do about this for now :( maybe either: Debian has patches in this area?
GraphicsMagick / ImageMagick is always weird. The only way I can tell the difference is via version numbers being very different. I'll try and figure it out, but frequently I just go back and try and find out if we're behind in versions.
epiphany: "Thanks to Hussam for reporting this bug so quickly after it was introduced" seems to suggest it might not, indeed, be present in 3.20.