ImageMagick - [Fedora Update] [comment] xine-lib-1.1.20.1-3.fc17, emacs-24.0.94-3.fc17, calibre-0.8.42-1.fc17, perl-GD-SecurityImage-1.71-3.fc17, techne-0.2.1-4.fc17, gdl-0.9.2-5.fc17, autotrace-0.31.1-29.fc17.1, ImageMagick-6.7.5.6-3.fc17

Pavel Alexeev forum at hubbitus.com.ru
Sat Apr 7 11:28:27 UTC 2012


06.04.2012 19:43, Michael Schwendt написал:
> On Fri, 6 Apr 2012 16:57:14 +0200, CF (Christophe) wrote:
>
>> On Fri, Apr 06, 2012 at 07:27:31AM -0600, Orion Poplawski wrote:
>>> Suggestions?  I'm tempted to pushed this to stable so that broken
>>> deps emails start going out to get people to do the needed rebuilds.
>>>
>>> Or perhaps someone in releng can for the needed buildroot overrides?
>>>
>>> Or perhaps we drop the whole endeavor?
>> I'd lean towards this, why do we need to push a soname bump of ImageMagick
>> so late in the game when f17 is already in beta? If there's a critical bug
>> in the f17 package, isn't it possible to backport the fix instead of
>> forcing these rebuilds?
> There are several CVEs. As whether the fixes for them could be backported,
> well, somebody would need to investigate and do it.
Yes, indeed.
There several security issues found 
https://bugzilla.redhat.com/show_bug.cgi?id=807994, 
https://bugzilla.redhat.com/show_bug.cgi?id=807997, 
https://bugzilla.redhat.com/show_bug.cgi?id=807993, 
https://bugzilla.redhat.com/show_bug.cgi?id=808159, 
https://bugzilla.redhat.com/show_bug.cgi?id=804591, 
https://bugzilla.redhat.com/show_bug.cgi?id=804588, 
https://bugzilla.redhat.com/show_bug.cgi?id=808159

I have contacted with upstream author to clarify when it will be fixed 
in main tree. As I'll got answer I'll post update in rawhide asap. 
Really it have worth have that in stable branches also (but it is not in 
my rights now, so I must try find someone with at least with 
provenpackager acl who want help). So have .so.5 in F17 is good idea - 
in this case may be needed rebuild only dependencies explicitly depends 
by ImageMagick version (ruby-RMagick for example), and I think I'll can 
do that with contact of maintainers of that's packages.



More information about the devel mailing list