:: Re: [DNG] VBScript Injection via GN…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: Olaf Meeuwissen
Date:  
À: Adam Borowski
CC: dng
Sujet: Re: [DNG] VBScript Injection via GNOME Thumbnailer
Hi,

Adam Borowski writes:

> On Tue, Jul 18, 2017 at 10:07:35PM +0200, Adam Borowski wrote:
>> Actually, imagemagick is one of worst offenders here. The version in Jessie
>> is at deb8u9, and every security update tends to mention ~20 CVEs.
>
> ... aaaand, just hours later, here comes deb8u10:
>
> # Package        : imagemagick
> # CVE ID         : CVE-2017-9439 CVE-2017-9440 CVE-2017-9500 CVE-2017-9501
> #                  CVE-2017-10928 CVE-2017-11141 CVE-2017-11170
> #                  CVE-2017-11360 CVE-2017-11188
> # Debian Bug     : 863126 867367 867778 867721 864273 864274 867806 868264
> #                  868184 867810 867808 867811 867812 867896 867798 867821
> #                  867824 867825 867826 867893 867823 867894 867897


Totally untested, but you might try to replace imagemagick with
graphicsmagick. It's at deb8u ;-)

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join