On 22/11/2018 07:23, Bengt Gördén wrote:
On 2018-10-08 19:00, Dominique Leuenberger wrote:
==== ImageMagick ==== Subpackages: ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick
- allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading only by default security policy [bsc#1105592c#32] - also disable EPS coder in default policy.xml [bsc#1105592] [bsc#1109976#c7]
It seems to me that this has been fixed since 24 Jul 2017. Is it still needed to have reading disabled in policy.xml?
https://github.com/ImageMagick/ImageMagick/issues/563#issuecomment-317288181
I don't believe CVE-2017-11532 is the reason for disabling those coders have a read of https://bugzilla.suse.com/show_bug.cgi?id=1105592 -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org