From fa6c6dae76a84dbbededa9b1053e4a90243b673f Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Sat, 24 Sep 2016 16:46:13 +0200
Subject: [PATCH] imagemagick: 6.9.5-2 -> 6.9.5-10

Fixes lots of CVEs, including the recent:

  * CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
  * CVE-2016-5687
  * CVE-2016-5010
  * CVE-2016-5688
  * CVE-2016-5689, CVE-2016-5690, CVE-2016-5691
  * CVE-2016-5841 and CVE-2016-5842
  * CVE-2016-6491
  * CVE-2016-6520

cc #18856
---
 pkgs/applications/graphics/ImageMagick/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkgs/applications/graphics/ImageMagick/default.nix b/pkgs/applications/graphics/ImageMagick/default.nix
index 6d507c5d227..d481bb934d4 100644
--- a/pkgs/applications/graphics/ImageMagick/default.nix
+++ b/pkgs/applications/graphics/ImageMagick/default.nix
@@ -11,11 +11,12 @@ let
     else throw "ImageMagick is not supported on this platform.";
 
   cfg = {
-    version = "6.9.5-2";
-    sha256 = "09h3rpr1jnzd7ipy5d16r2gi0bwg4hk5khwzv4cyhv1xzs8pk7pj";
+    version = "6.9.5-10";
+    sha256 = "0cxjzqzca80vf6sfx4z9zq4wq2w0vy9ajp9kf88jb4na8mwsn198";
     patches = [];
   }
     # Freeze version on mingw so we don't need to port the patch too often.
+    # FIXME: This version has multiple security vulnerabilities
     // lib.optionalAttrs (stdenv.cross.libc or null == "msvcrt") {
         version = "6.9.2-0";
         sha256 = "17ir8bw1j7g7srqmsz3rx780sgnc21zfn0kwyj78iazrywldx8h7";