Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 31 May 2016 11:09:44 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
Cc: oss-security@...ts.openwall.com
Subject: Re: Security issues addressed in GraphicsMagick SVG
 reader

On Fri, 27 May 2016 09:37:38 -0500 (CDT)
Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> wrote:

> ===========================================
> SVG Security Improvements in GraphicsMagick
> ===========================================
> 
> This is a summary of security improvements made to development
> GraphicsMagick's SVG reader since the 1.3.23 release.  These
> improvements were made in response to fuzz testing by Gustavo Grieco
> (using Quickfuzz) which and which resulted in CVE-2016-2317 and
> CVE-2016-2318.  We are thankful that Gustavo has been willing to
> continue fuzz testing as improvements have been made.

Hi,

I'm curious, are these the CVEs for the issues that still have an
outstanding CVE request at http://seclists.org/oss-sec/2016/q2/180 - or
are they completely unrelated?

(If they are indeed the same/related, can you give more details about
the exact mapping?)

Thanks, 
-- 
Stefan Cornelius / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ