Date: Thu, 1 Jan 2015 15:41:50 +0100
From: Bastien ROUCARIES <roucaries.bastien@...il.com>
To: Gynvael Coldwind <gynvael@...dwind.pl>
Cc: oss-security@...ts.openwall.com, jodie.cunningham+osssecurity@...il.com
Subject: Re: Imagemagick fuzzing bug

On Wed, Dec 24, 2014 at 10:32 PM, Gynvael Coldwind <gynvael@...dwind.pl> wrote:
> Hey,
>
> Original reporter from google side here.
>
>>
>> You are aware that there is graphicsmagick which shares lots of code
>> with im (it's an early fork)? It'd be nice to also report these issues
>> to them if they apply. (I also reported a couple of issues in both
>> im/gm lately and devs were always quick to fix things)
>
>
> Do you know if either im or gm backport fixes from each other?
> I fuzzed only im, so I've reported to im. I don't mind reporting to both in
> the future, but if they DO backport fixes, that would lead into collisions
> (i.e. two different fixes for one bug, makes merging harder).

Usually I ask for Debian graphicsmagick to check the code condition. But to the
best of my knowledge they do not backport, except if you ask.

So you should try your image on graphicsmagick and check if it crashes.

BTW, one patch was not correct; please find the updated patch queue here:
http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-patches/184.108.40.206-5

I have backported to 220.127.116.11 here:
http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian/18.104.22.168-5%2bdeb7u4
(not yet fully tested)

And I plan to backport to 22.214.171.124

Bastien

> Cheers,
> Gynvael