Tagging this update now as it is an urgent fix. This update includes a soname bump so affected packages will need to be rebuilt by the package maintainer or someone with proven packager privs.
This update fixes ImageTragick in Fedora as well as numerous other security issues such as:
Please login to add feedback.
This update has been submitted for testing by moezroy.
mooninite edited this update.
Not acceptable, see update policy.
This update has been pushed to testing.
The required rebuilds have to be done first and then pushed as one ssingle update. But the update is not compatible with update policy anyway :( (soname bump etc.)
Yeah, this is bad and wrong. Please don't do this.
Looking at ImageMagick upstream, there appears to have been a 6.9.9 release made at the same time as the 7.0.6 release. It seems likely that has the necessary security fixes without the backwards incompatibility. Can you please verify that and send 6.9.9 out as an update for F25 and F26 instead of 7.0.6, if it does indeed address the security issues? Thanks.
This update has been obsoleted.
sorry, that is, the release that came out was versioned '6.9.9-9' upstream, which I think would be '6.9.9.9' to us.
@adamwill Even 6.9.9.X breaks SO-name. @kevin did an update to that in Rawhide before branching and it required several rebuilds. So IMHO it doesn't matter which version gets pushed, since both require the rebuild of their consuming apps and libs.
@moezroy Please rebuild all consumers of libimagemagick against this update / or 6.9.9.X and make sure they are a part of this update.
ABI breakage.