Hi, Several security vulnerabilities were discovered in Ghostscript in recent weeks. Although all known issues were fixed, there is still a chance that there are more of them, yet undiscovered. The security researcher who found those issues recommends to disable Ghostscript handled formats by default in Imagemagick. [1] I think this should be extended to Graphicsmagick too.
Thorsten, you are currently working on Imagemagick. Could you apply this patch [2] from Ubuntu to our package as well? [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2 [2] https://git.launchpad.net/ubuntu/+source/imagemagick/plain/debian/patches/300-disable-ghostscript-formats.patch?h=ubuntu/trusty-security Regards, Markus
signature.asc
Description: OpenPGP digital signature
