On Tue, Jul 18, 2017 at 10:07:35PM +0200, Adam Borowski wrote:
> Actually, imagemagick is one of worst offenders here. The version in Jessie
> is at deb8u9, and every security update tends to mention ~20 CVEs.
... aaaand, just hours later, here comes deb8u10:
# Package : imagemagick
# CVE ID : CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501
# CVE-2017-10928 CVE-2017-11141 CVE-2017-11170
# CVE-2017-11360 CVE-2017-11188
# Debian Bug : 863126 867367 867778 867721 864273 864274 867806 868264
# 868184 867810 867808 867811 867812 867896 867798 867821
# 867824 867825 867826 867893 867823 867894 867897
#
# This update fixes several vulnerabilities in imagemagick: Various
# memory handling problems and cases of missing or incomplete input
# sanitising may result in denial of service, memory disclosure or the
# execution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT,
# TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG
# files are processed.
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ A dumb species has no way to open a tuna can.
⢿⡄⠘⠷⠚⠋⠀ A smart species invents a can opener.
⠈⠳⣄⠀⠀⠀⠀ A master species delegates.