[magick-developers] Critical security problem in ImageMagick <
6.3.3-5 - where was this announced?
Craig Harman
charman at rcbi.rochester.edu
Fri May 18 06:31:30 PDT 2007
A critical security bug was recently found in versions of ImageMagick
before 6.3.3-5. NIST assigned the bug its highest security rating, and
claims the flaw "Provides administrator access, Allows complete
confidentiality, integrity, and availability violation":
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1797
I subscribe to both the 'magick-announce' and 'magick-developers'
mailing list, and have not seen any announcements informing people that
they need to upgrade or risk having their servers compromised. Is there
an official ImageMagick channel for making these types of security
announcements that I am not aware of?
craig
More information about the Magick-developers
mailing list