On 22/11/2018 07:23, Bengt Gördén wrote:
On 2018-10-08 19:00, Dominique Leuenberger wrote:
==== ImageMagick ==== Subpackages: ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick
- allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading
only by default security policy [bsc#1105592c#32]
- also disable EPS coder in default policy.xml [bsc#1105592]
It seems to me that this has been fixed since 24 Jul 2017. Is it still needed to have reading disabled in policy.xml?
I don't believe CVE-2017-11532 is the reason for disabling those coders have a read of https://bugzilla.suse.com/show_bug.cgi?id=1105592