Hi Salvatore, On Sun, Jul 9, 2017 at 10:06 AM, Salvatore Bonaccorso <car...@debian.org> wrote: > the following vulnerability was published for graphicsmagick. > > CVE-2017-11102[0]: Thanks for the heads-up - luckily I already known this. At the moment I'm sure it affects Stretch as well. I mean, JNG support is not enabled, neither disabled and depends on the software environment GraphicsMagick compiled in. This means any user may compile GraphicsMagick on his/her system, can be vulnerable. The fix is in two commits and while the second seems to be a code cleanup only, it breaks the package. Pinged upstream about it, but I still waiting for the answer.
Regards, Laszlo/GCS