4 matches found
Debian DLA-1948-1 : ruby-mini-magick security update
In lib/mini_magick/image.rb in ruby-mini-magick, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. For Debian 8 'Jessie', this problem has been fixed in version...
CVE-2019-13574
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
Input validation
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command...
CVE-2019-13574
The CVE concerns MiniMagick before 4.9.4: in lib/mini_magick/image.rb, a fetched remote image filename could be passed directly to Kernel.open, with the leading ‘|’ indicating a shell command, enabling remote command execution. Connected advisories confirm the issue is a remote command execution ...