cvs commit: ports/graphics/GraphicsMagick Makefile distinfo
Mikhail Teterin
mi+kde at aldan.algebra.com
Tue Apr 29 12:34:11 UTC 2008
On вівторок 29 квітень 2008, Henrik Brix Andersen wrote:
= > Update to 1.1.12, which (partially) fixes some potential security
= > flaws...
=
= The flaws are only partially fixed? Or the update is only partially a
= security update?
My understanding -- from the author's description (CC-ed) -- is that the flaws
are inherent and can not be /fully/ fixed. ImageMagick and GraphicsMagick
both look at the filename for the "special characters" and extensions. By
carefully crafting those, it may be possible to cause them to launch other
executables...
There should be more in the ChangeLog...
-mi
More information about the cvs-ports
mailing list