Format: 1.8
Date: Fri, 06 May 2016 07:55:49 +0100
Source: ikiwiki
Binary: ikiwiki
Architecture: all source
Version: 3.20141016.3
Distribution: jessie-security
Urgency: high
Maintainer: Simon McVittie <smcv@debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 ikiwiki - a wiki compiler
Changes:
 ikiwiki (3.20141016.3) jessie-security; urgency=high
 .
   [ Simon McVittie ]
   * img: stop ImageMagick trying to be clever if filenames contain a colon,
     avoiding mis-processing
   * HTML-escape error messages, in one case avoiding potential cross-site
     scripting (OVE-20160505-0012)
   * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
     - img: force common Web formats to be interpreted according to extension,
       so that "allowed_attachments: '*.jpg'" does what one might expect
     - img: restrict to JPEG, PNG and GIF images by default, again mitigating
       CVE-2016-3714 and similar vulnerabilities
     - img: check that the magic number matches what we would expect from
       the extension before giving common formats to ImageMagick
 .
   [ Joey Hess ]
   * img: Add back support for SVG images, bypassing ImageMagick and
     simply passing the SVG through to the browser, which is supported by all
     commonly used browsers these days.
     SVG scaling by img directives has subtly changed; where before size=wxh
     would preserve aspect ratio, this cannot be done when passing them through
     and so specifying both a width and height can change the SVG's aspect
     ratio.
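
The extension allow-list, magic-number check and forced format prefix described in the img changelog items above, as an added Python example (not ikiwiki's own code, which is Perl). `FORMATS`, `imagemagick_source`, `demo` and the sample files are names and inputs constructed for this illustration.

```python
import os
import tempfile

# Extension -> (ImageMagick coder prefix, accepted leading bytes).
# Only JPEG, PNG and GIF, the default set named in the changelog.
FORMATS = {
    "jpg": ("jpeg", (b"\xff\xd8\xff",)),
    "jpeg": ("jpeg", (b"\xff\xd8\xff",)),
    "png": ("png", (b"\x89PNG\r\n\x1a\n",)),
    "gif": ("gif", (b"GIF87a", b"GIF89a")),
}


def imagemagick_source(path):
    """Return a 'coder:path' argument for ImageMagick, or raise ValueError."""
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    if ext not in FORMATS:
        raise ValueError(f"extension {ext!r} is not an allowed image type")
    coder, magics = FORMATS[ext]
    with open(path, "rb") as fh:
        head = fh.read(max(len(m) for m in magics))
    if not any(head.startswith(m) for m in magics):
        raise ValueError(f"content does not match extension {ext!r}")
    # Explicit prefix: the coder comes from the extension, not from content
    # sniffing or from a colon elsewhere in the filename.
    return f"{coder}:{path}"


def demo():
    """Check constructed sample files; map each name to the outcome."""
    samples = {  # constructed inputs, not real images
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "a:b.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "fake.jpg": b"push graphic-context\n",  # MVG text renamed to .jpg
        "drawing.mvg": b"push graphic-context\n",  # type not on allow-list
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            try:
                arg = imagemagick_source(path)
                results[name] = arg.replace(tmp + os.sep, "")
            except ValueError as exc:
                results[name] = f"rejected: {exc}"
    return results
```

Both checks are needed: the allow-list alone would accept `fake.jpg`, and the magic-number check alone says nothing about formats outside the table.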