From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 19 11:44:38 2017 Received: (at submit) by debbugs.gnu.org; 19 Aug 2017 15:44:38 +0000 Received: from localhost ([127.0.0.1]:45745 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj5vR-0004XX-UZ for submit@debbugs.gnu.org; Sat, 19 Aug 2017 11:44:38 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43932) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj5vM-0004XG-Sr for submit@debbugs.gnu.org; Sat, 19 Aug 2017 11:44:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dj5vG-00018J-FZ for submit@debbugs.gnu.org; Sat, 19 Aug 2017 11:44:27 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: * X-Spam-Status: No, score=1.5 required=5.0 tests=BASE64_LENGTH_79_INF, BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:54527) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dj5vG-000181-Av for submit@debbugs.gnu.org; Sat, 19 Aug 2017 11:44:26 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34903) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dj5vE-0006T2-Kj for guix-patches@gnu.org; Sat, 19 Aug 2017 11:44:25 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dj5vB-000166-FZ for guix-patches@gnu.org; Sat, 19 Aug 2017 11:44:24 -0400 Received: from lb1.openmailbox.org ([5.79.108.160]:56608 helo=mta-1.openmailbox.og) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dj5vB-00015Z-4f for guix-patches@gnu.org; Sat, 19 Aug 2017 11:44:21 -0400 Received: by mta-1.openmailbox.og (Postfix, from userid 20002) id 70A3A4E003E; Sat, 19 Aug 2017 17:44:19 +0200 (CEST) Received: from [127.0.0.1] (unknown [10.0.0.4]) by mta-1.openmailbox.og (Postfix) with ESMTP id 936664E001C for ; Sat, 19 Aug 2017 17:44:17 +0200 (CEST) Content-Type: multipart/mixed; boundary="===============4289273377680358066==" MIME-Version: 1.0 Subject: [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935,12936,12937}. From: kei@openmailbox.org Date: Sat, 19 Aug 2017 15:44:17 -0000 User-Agent: OpenMailBox Webmail To: guix-patches@gnu.org Message-Id: <20170819154419.70A3A4E003E@mta-1.openmailbox.og> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -2.0 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.0 (--) --===============4289273377680358066== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 --===============4289273377680358066== Content-Type: text/x-patch MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="0001-gnu-graphicsmagick-Fix-CVE-2017-12935-12936-12937.patch" RnJvbSBlMTg0ZDQ0MjlhMDBiNjVmZjIzNzg2NGNjZTA0ZDEwNjFhY2NkYmJjIE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBLZWkgS2VicmVhdSA8a2VpQG9wZW5tYWlsYm94Lm9yZz4KRGF0ZTogU2F0LCAxOSBBdWcgMjAxNyAxMTozOTozMyAtMDQwMApTdWJqZWN0OiBbUEFUQ0hdIGdudTogZ3JhcGhpY3NtYWdpY2s6IEZpeCBDVkUtMjAxNy17MTI5MzUsMTI5MzYsMTI5Mzd9LgoKKiBnbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNS5wYXRjaCwKZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2gsCmdudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM3LnBhdGNoOiBOZXcgZmlsZXMuCiogZ251L2xvY2FsLm1rIChkaXN0X3BhdGNoX0RBVEEpOiBBZGQgdGhlbS4KKiBnbnUvcGFja2FnZXMvaW1hZ2VtYWdpY2suc2NtIChncmFwaGljc21hZ2ljaylbc291cmNlXTogVXNlIHRoZW0uCi0tLQogZ251L2xvY2FsLm1rICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgMyArKysKIGdudS9wYWNrYWdlcy9pbWFnZW1hZ2ljay5zY20gICAgICAgICAgICAgICAgICAgICAgIHwgIDYgKysrKy0KIC4uLi9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoICAgIHwgMjggKysrKysrKysrKysrKysrKysrKysrKwogLi4uL3BhdGNoZXMvZ3JhcGhpY3 NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2ggICAgfCAxNiArKysrKysrKysrKysrCiAuLi4vcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNy5wYXRjaCAgICB8IDI4ICsrKysrKysrKysrKysrKysrKysrKysKIDUgZmlsZXMgY2hhbmdlZCwgODAgaW5zZXJ0aW9ucygrKSwgMSBkZWxldGlvbigtKQogY3JlYXRlIG1vZGUgMTAwNjQ0IGdudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoCiBjcmVhdGUgbW9kZSAxMDA2NDQgZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2gKIGNyZWF0ZSBtb2RlIDEwMDY0NCBnbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNy5wYXRjaAoKZGlmZiAtLWdpdCBhL2dudS9sb2NhbC5tayBiL2dudS9sb2NhbC5tawppbmRleCAyZDQ5YjFlOTcuLjFjNjE1OGNiZiAxMDA2NDQKLS0tIGEvZ251L2xvY2FsLm1rCisrKyBiL2dudS9sb2NhbC5tawpAQCAtNjc5LDYgKzY3OSw5IEBAIGRpc3RfcGF0Y2hfREFUQSA9CQkJCQkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9nb2JqZWN0LWludHJvc3BlY3Rpb24tYWJzb2x1dGUtc2hsaWItcGF0aC5wYXRjaCBcCiAgICVEJS9wYWNrYWdlcy9wYXRjaGVzL2dvYmplY3QtaW50cm9zcGVjdGlvbi1jYy5wYXRjaAkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9nb2JqZWN0LWludHJvc3BlY3Rpb24 tZ2lyZXBvc2l0b3J5LnBhdGNoCVwKKyAgJUQlL3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzUucGF0Y2gJXAorICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNi5wYXRjaAlcCisgICVEJS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM3LnBhdGNoCVwKICAgJUQlL3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpdGUyLWZmbG9hdC1zdG9yZS5wYXRjaAkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9ncmVwLXRpbWluZy1zZW5zaXRpdmUtdGVzdC5wYXRjaAkJXAogICAlRCUvcGFja2FnZXMvcGF0Y2hlcy9nc2wtdGVzdC1pNjg2LnBhdGNoCQkJXApkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL2ltYWdlbWFnaWNrLnNjbSBiL2dudS9wYWNrYWdlcy9pbWFnZW1hZ2ljay5zY20KaW5kZXggOGUxNzMwNzU0Li4zYmQ3MDVmYTIgMTAwNjQ0Ci0tLSBhL2dudS9wYWNrYWdlcy9pbWFnZW1hZ2ljay5zY20KKysrIGIvZ251L3BhY2thZ2VzL2ltYWdlbWFnaWNrLnNjbQpAQCAtMTc1LDcgKzE3NSwxMSBAQCBzY3JpcHQuIikKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIvR3JhcGhpY3NNYWdpY2stIiB2ZXJzaW9uICIudGFyLnh6IikpKQogICAgICAgICAgICAgICAoc2hhMjU2CiAgICAgICAgICAgICAgICAoYmFzZTMyCi0gICAgICAgICAgICAgICAgIjEyMnpnczk2ZHFyeXM2Mm1uaDh4NXl2ZmZmNmtt NGQzeXJudmF4emczbWc1c3ByaWI4N3YiKSkpKQorICAgICAgICAgICAgICAgICIxMjJ6Z3M5NmRxcnlzNjJtbmg4eDV5dmZmZjZrbTRkM3lybnZheHpnM21nNXNwcmliODd2IikpCisgICAgICAgICAgICAgIChwYXRjaGVzCisgICAgICAgICAgICAgICAoc2VhcmNoLXBhdGNoZXMgImdyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoIgorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNi5wYXRjaCIKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzcucGF0Y2giKSkpKQogICAgIChidWlsZC1zeXN0ZW0gZ251LWJ1aWxkLXN5c3RlbSkKICAgICAoYXJndW1lbnRzCiAgICAgIGAoIzpjb25maWd1cmUtZmxhZ3MKZGlmZiAtLWdpdCBhL2dudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoIGIvZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzUucGF0Y2gKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwLi4yY2IzZDQ2ZjYKLS0tIC9kZXYvbnVsbAorKysgYi9nbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNS5wYXRjaApAQCAtMCwwICsxLDI4IEBACitUaGlzIHBhdGNoIGNvbWVzIGZyb20gaHR0cDovL2hnLmNvZGUuc2YubmV0L3AvZ3JhcGhpY3NtY WdpY2svY29kZS9yZXYvY2Q2OTlhNDRmMTg4LgorCitkaWZmIC11ciBhL2NvZGVycy9wbmcuYyBiL2NvZGVycy9wbmcuYworLS0tIGEvY29kZXJzL3BuZy5jCTIwMTctMDctMDQgMTc6MzI6MDguMDAwMDAwMDAwIC0wNDAwCisrKysgYi9jb2RlcnMvcG5nLmMJMjAxNy0wOC0xOSAxMToxNjoyMC45MzM5NjkzNjIgLTA0MDAKK0BAIC00MTAxLDExICs0MTAxLDE3IEBACisgICAgICAgICAgICAgICAgICAgbW5nX2luZm8tPmltYWdlPWltYWdlOworICAgICAgICAgICAgICAgICB9CisgCistICAgICAgICAgICAgICBpZiAoKG1uZ19pbmZvLT5tbmdfd2lkdGggPiA2NTUzNUwpIHx8IChtbmdfaW5mby0+bW5nX2hlaWdodAorLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPiA2NTUzNUwpKQorLSAgICAgICAgICAgICAgICAodm9pZCkgVGhyb3dFeGNlcHRpb24oJmltYWdlLT5leGNlcHRpb24sSW1hZ2VFcnJvciwKKy0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFdpZHRoT3JIZWlnaHRFeGNlZWRzTGltaXQsCistICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbWFnZS0+ZmlsZW5hbWUpOworKyAgICAgICAgICAgICAgaWYgKChtbmdfaW5mby0+bW5nX3dpZHRoID4gNjU1MzVMKSB8fAorKyAgICAgICAgICAgICAgICAgIChtbmdfaW5mby0+bW5nX2hlaWdodCA+IDY1NTM1TCkpCisrICAgICAgICAgICAgICAgIHsKKysgICAgICAgIC AgICAgICAgICAodm9pZCkgTG9nTWFnaWNrRXZlbnQoQ29kZXJFdmVudCxHZXRNYWdpY2tNb2R1bGUoKSwKKysgICAgICAgICAgICAgICAgICAgICAgIiAgTU5HIHdpZHRoIG9yIGhlaWdodCBpcyB0b28gbGFyZ2U6ICVsdSwgJWx1IiwKKysgICAgICAgICAgICAgICAgICAgICAgbW5nX2luZm8tPm1uZ193aWR0aCxtbmdfaW5mby0+bW5nX2hlaWdodCk7CisrICAgICAgICAgICAgICAgICAgTWFnaWNrRnJlZU1lbW9yeShjaHVuayk7CisrICAgICAgICAgICAgICAgICAgVGhyb3dSZWFkZXJFeGNlcHRpb24oQ29ycnVwdEltYWdlRXJyb3IsCisrICAgICAgICAgICAgICAgICAgICAgSW1wcm9wZXJJbWFnZUhlYWRlcixpbWFnZSk7CisrICAgICAgICAgICAgICAgIH0KKysKKyAgICAgICAgICAgICAgIEZvcm1hdFN0cmluZyhwYWdlX2dlb21ldHJ5LCIlbHV4JWx1KzArMCIsbW5nX2luZm8tPm1uZ193aWR0aCwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICBtbmdfaW5mby0+bW5nX2hlaWdodCk7CisgICAgICAgICAgICAgICBtbmdfaW5mby0+ZnJhbWUubGVmdD0wOwpkaWZmIC0tZ2l0IGEvZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzYucGF0Y2ggYi9nbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNi5wYXRjaApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAuLjcwMzZmMzc0MwotLS0gL2Rldi9udWxsCisrKyBiL2d udS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM2LnBhdGNoCkBAIC0wLDAgKzEsMTYgQEAKK1RoaXMgcGF0Y2ggY29tZXMgZnJvbSBodHRwOi8vaGcuY29kZS5zZi5uZXQvcC9ncmFwaGljc21hZ2ljay9jb2RlL3Jldi9iZTg5OGI3Yzk3YmQuCisKK2RpZmYgLXVyIGEvY29kZXJzL3dtZi5jIGIvY29kZXJzL3dtZi5jCistLS0gYS9jb2RlcnMvd21mLmMJMjAxNi0wOS0wNSAxNToyMDoyMy4wMDAwMDAwMDAgLTA0MDAKKysrKyBiL2NvZGVycy93bWYuYwkyMDE3LTA4LTE5IDEwOjM4OjA4Ljk4NDE4NzI2NCAtMDQwMAorQEAgLTI3MTksOCArMjcxOSw4IEBACisgICBpZihpbWFnZS0+ZXhjZXB0aW9uLnNldmVyaXR5ICE9IFVuZGVmaW5lZEV4Y2VwdGlvbikKKyAgICAgVGhyb3dFeGNlcHRpb24yKGV4Y2VwdGlvbiwKKyAgICAgICAgICAgICAgICAgICAgQ29kZXJXYXJuaW5nLAorLSAgICAgICAgICAgICAgICAgICBkZGF0YS0+aW1hZ2UtPmV4Y2VwdGlvbi5yZWFzb24sCistICAgICAgICAgICAgICAgICAgIGRkYXRhLT5pbWFnZS0+ZXhjZXB0aW9uLmRlc2NyaXB0aW9uKTsKKysgICAgICAgICAgICAgICAgICAgaW1hZ2UtPmV4Y2VwdGlvbi5yZWFzb24sCisrICAgICAgICAgICAgICAgICAgIGltYWdlLT5leGNlcHRpb24uZGVzY3JpcHRpb24pOworIAorICAgaWYobG9nZ2luZykKKyAgICAgKHZvaWQpIExvZ01hZ2lja0V2ZW50KENvZGVyRXZlbnQsR2V0TWFnaWNrTW9kdWxlKCksImxl YXZlIFJlYWRXTUZJbWFnZSgpIik7CmRpZmYgLS1naXQgYS9nbnUvcGFja2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNy5wYXRjaCBiL2dudS9wYWNrYWdlcy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM3LnBhdGNoCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMC4uNzFhZjlmZmU1Ci0tLSAvZGV2L251bGwKKysrIGIvZ251L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzcucGF0Y2gKQEAgLTAsMCArMSwyOCBAQAorVGhpcyBwYXRjaCBjb21lcyBmcm9tIGh0dHA6Ly9oZy5jb2RlLnNmLm5ldC9wL2dyYXBoaWNzbWFnaWNrL2NvZGUvcmV2Lzk1ZDAwZDU1ZTk3OC4KKworZGlmZiAtdXIgYS9jb2RlcnMvc3VuLmMgYi9jb2RlcnMvc3VuLmMKKy0tLSBhL2NvZGVycy9zdW4uYwkyMDE2LTA1LTMwIDEzOjE5OjU0LjAwMDAwMDAwMCAtMDQwMAorKysrIGIvY29kZXJzL3N1bi5jCTIwMTctMDgtMTggMTg6MDA6MDAuMTkxMDIzNjEwIC0wNDAwCitAQCAtMSw1ICsxLDUgQEAKKyAvKgorLSUgQ29weXJpZ2h0IChDKSAyMDAzLTIwMTUgR3JhcGhpY3NNYWdpY2sgR3JvdXAKKyslIENvcHlyaWdodCAoQykgMjAwMy0yMDE3IEdyYXBoaWNzTWFnaWNrIEdyb3VwCisgJSBDb3B5cmlnaHQgKEMpIDIwMDIgSW1hZ2VNYWdpY2sgU3R1ZGlvCisgJSBDb3B5cmlnaHQgMTk5MS0xOTk5IEUuIEkuIGR1IFBvbnQgZGUgTmVtb3VycyBhbmQgQ 29tcGFueQorICUKK0BAIC01NzcsNiArNTc3LDcgQEAKKyAgICAgICAgICAgZm9yIChiaXQ9NzsgYml0ID49IDA7IGJpdC0tKQorICAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAgIGluZGV4PSgoKnApICYgKDB4MDEgPDwgYml0KSA/IDB4MDEgOiAweDAwKTsKKysgICAgICAgICAgICAgIFZlcmlmeUNvbG9ybWFwSW5kZXgoaW1hZ2UsaW5kZXgpOworICAgICAgICAgICAgICAgaW5kZXhlc1t4KzctYml0XT1pbmRleDsKKyAgICAgICAgICAgICAgIHFbeCs3LWJpdF09aW1hZ2UtPmNvbG9ybWFwW2luZGV4XTsKKyAgICAgICAgICAgICB9CitAQCAtNTg3LDYgKzU4OCw3IEBACisgICAgICAgICAgICAgZm9yIChiaXQ9NzsgYml0ID49IChsb25nKSAoOC0oaW1hZ2UtPmNvbHVtbnMgJSA4KSk7IGJpdC0tKQorICAgICAgICAgICAgICAgeworICAgICAgICAgICAgICAgICBpbmRleD0oKCpwKSAmICgweDAxIDw8IGJpdCkgPyAweDAxIDogMHgwMCk7CisrICAgICAgICAgICAgICAgIFZlcmlmeUNvbG9ybWFwSW5kZXgoaW1hZ2UsaW5kZXgpOworICAgICAgICAgICAgICAgICBpbmRleGVzW3grNy1iaXRdPWluZGV4OworICAgICAgICAgICAgICAgICBxW3grNy1iaXRdPWltYWdlLT5jb2xvcm1hcFtpbmRleF07CisgICAgICAgICAgICAgICB9Ci0tIAoyLjEzLjQKCg== --===============4289273377680358066==-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 19 12:12:01 2017 Received: (at 28147) by debbugs.gnu.org; 19 Aug 2017 16:12:01 +0000 Received: from localhost ([127.0.0.1]:45780 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj6Lw-0005BG-Se for submit@debbugs.gnu.org; Sat, 19 Aug 2017 12:12:01 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54357) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dj6Ls-0005B5-Hk for 28147@debbugs.gnu.org; Sat, 19 Aug 2017 12:11:58 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 45A2321A03; Sat, 19 Aug 2017 12:11:56 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Sat, 19 Aug 2017 12:11:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=JZqLxq4BpuWX4FoghRQNSO5QK7rFZOapkAe4MFZpt 7k=; b=MtDJTE+cDwv9za66fquna+nzykKsHRYdDZd0tssBvPd6WaPhZ8c7KvI+y GN17e04cnTOMCldWoqTysxaoOMv4bcrqUMQCd60KBn8EQSqazLuJBUFzeJcr4GxM mT+zwDTbemhlcrAcv52hCtXsZx7u8vQGlsT9Ak+TMv47L8gPsW3NvI0DmY91pE/k f/N4k/ePtT4Tsz1p3ux6bfOrm605PRk0fLoahBRcC9O1XXznQ0ThP/1maddR4lIQ XHvdIvLxMaCsjN/pGul0ykT0P7oj6Rd3wnpjRf9LvGwTr5wARy5avSkQocZsNWg5 c41pE2lT5uZY5qv8L0vF3iAnBjUTA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=JZqLxq4BpuWX4FoghR QNSO5QK7rFZOapkAe4MFZpt7k=; b=CGhJ8nQnP5Gi/izpjfIcPLcfmMDcUolD1V tZaF7hZ3VdQu6JYg/kgrZcJDSPcgOh3F2ugEPC7M7LUneaoXyXyMVW/ZMJhlMkwo 8cCR3VGxHY+irR3V7HieMw6jfI0LDxx2GAGVYmC5F5jY0FfAHKNKzqEFaFIP+0/f QPxqAmmEfTQQZOEgsaCLBGSYYWKLYY4wqwe96qbThIssPGitCHjYlW0BuqmtBxOw VNrhsTDGbXAbhQh9moJIyCqLUoiTPFJixSIZCOcJHvYxNdA3AeHBunTyegXau0g5 ZcCazQt6OioATvr4nfF4gOjWnP4ZR/OzrRUMXve2jIsd8qxSum7A== X-ME-Sender: X-Sasl-enc: 5bo0ldv/xQGS/yTYXdmQtE1TpCMdTJXQyEhDZoSQ7Nn3 1503159115 Received: from localhost (unknown [188.113.81.93]) by mail.messagingengine.com (Postfix) with ESMTPA id D1A79240B1; Sat, 19 Aug 2017 12:11:55 -0400 (EDT) From: Marius Bakke To: kei@openmailbox.org, 28147@debbugs.gnu.org Subject: Re: [bug#28147] [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935, 12936, 12937}. In-Reply-To: <20170819154419.70A3A4E003E@mta-1.openmailbox.og> References: <20170819154419.70A3A4E003E@mta-1.openmailbox.og> User-Agent: Notmuch/0.25 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) Date: Sat, 19 Aug 2017 18:11:24 +0200 Message-ID: <87a82vy1ub.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28147 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain kei@openmailbox.org writes: > From e184d4429a00b65ff237864cce04d1061accdbbc Mon Sep 17 00:00:00 2001 > From: Kei Kebreau > Date: Sat, 19 Aug 2017 11:39:33 -0400 > Subject: [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935,12936,12937}. > > * gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch, > gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch, > gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch: New files. > * gnu/local.mk (dist_patch_DATA): Add them. > * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Use them. LGTM, thanks! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlmYYy0ACgkQoqBt8qM6 VPp6NQgA1FtDqZBdL4fIAPfRAhZSTmspd2RFz3RCC3/+yQzq/3ASA+F858tnG9Bc cz+QIyOfjYlPv1zdpodyx5EUo/o/LTQxXTJjiwZD6Dk0qq0wf0vS5y7d2xxeImY5 zSqTxUXVZsHhPgePg2FQNTW2IluyqKb3xxh0uKy6OE0blhj6I4ibfrOtZnBXs7I+ A0LuEogMwuDj5uC1JcLdOMJGATY5MfREib7CUZeh46384D61h+znxSzSDD/LMKTT 8EZ6cfpZJWDEhvnaWD8dhxk1Li70gKyRES6+tssVf0RkSdf9GKoraFYA9gq7TOPS z6vFUhANYr8gdMj2D51kb4iKILLo5A== =0R97 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sun Aug 20 08:38:15 2017 Received: (at 28147-done) by debbugs.gnu.org; 20 Aug 2017 12:38:15 +0000 Received: from localhost ([127.0.0.1]:46174 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1djPUd-0003kP-CM for submit@debbugs.gnu.org; Sun, 20 Aug 2017 08:38:15 -0400 Received: from lb1.openmailbox.org ([5.79.108.160]:44725 helo=mta-1.openmailbox.og) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1djPUZ-0003kF-Fl for 28147-done@debbugs.gnu.org; Sun, 20 Aug 2017 08:38:13 -0400 Received: by mta-1.openmailbox.og (Postfix, from userid 20002) id B05644E002A; Sun, 20 Aug 2017 14:38:10 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ZDZR003 X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=ALL_TRUSTED,MISSING_MID, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (unknown [10.0.0.4]) by mta-1.openmailbox.og (Postfix) with ESMTP id 4FA594E001A; Sun, 20 Aug 2017 14:38:06 +0200 (CEST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Subject: Re: [bug#28147] [PATCH] gnu: graphicsmagick: Fix CVE-2017-{12935, 12936, 12937}. From: kei@openmailbox.org Date: Sun, 20 Aug 2017 12:38:06 -0000 User-Agent: OpenMailBox Webmail To: Marius Bakke Message-Id: <20170820123810.B05644E002A@mta-1.openmailbox.og> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28147-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) PiBrZWlAb3Blbm1haWxib3gub3JnIHdyaXRlczoKPiAKPj4gRnJvbSBlMTg0ZDQ0MjlhMDBiNjVm ZjIzNzg2NGNjZTA0ZDEwNjFhY2NkYmJjIE1vbiBTZXAgMTcgMDA6MDA6MDAgMjAwMQo+PiBGcm9t OiBLZWkgS2VicmVhdSA8a2VpQG9wZW5tYWlsYm94Lm9yZz4KPj4gRGF0ZTogU2F0LCAxOSBBdWcg MjAxNyAxMTozOTozMyAtMDQwMAo+PiBTdWJqZWN0OiBbUEFUQ0hdIGdudTogZ3JhcGhpY3NtYWdp Y2s6IEZpeCBDVkUtMjAxNy17MTI5MzUsMTI5MzYsMTI5Mzd9Lgo+Pgo+PiAqIGdudS9wYWNrYWdl cy9wYXRjaGVzL2dyYXBoaWNzbWFnaWNrLUNWRS0yMDE3LTEyOTM1LnBhdGNoLAo+PiBnbnUvcGFj a2FnZXMvcGF0Y2hlcy9ncmFwaGljc21hZ2ljay1DVkUtMjAxNy0xMjkzNi5wYXRjaCwKPj4gZ251 L3BhY2thZ2VzL3BhdGNoZXMvZ3JhcGhpY3NtYWdpY2stQ1ZFLTIwMTctMTI5MzcucGF0Y2g6IE5l dyBmaWxlcy4KPj4gKiBnbnUvbG9jYWwubWsgKGRpc3RfcGF0Y2hfREFUQSk6IEFkZCB0aGVtLgo+ PiAqIGdudS9wYWNrYWdlcy9pbWFnZW1hZ2ljay5zY20gKGdyYXBoaWNzbWFnaWNrKVtzb3VyY2Vd OiBVc2UgdGhlbS4KPiAKPiBMR1RNLCB0aGFua3MhCgpUaGFua3MgZm9yIHRoZSByZXZpZXchIFB1 c2hlZCB0byBtYXN0ZXIgYXMKNmQ3ZDlkOTUwNzQ4NDc3M2VmZjY5N2EwMWY0MjJlYTk4NDkzNjM3 My4= From unknown Thu Jun 19 14:25:33 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 18 Sep 2017 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator