Date: Tue, 31 May 2016 11:09:44 +0200 From: Stefan Cornelius <scorneli@...hat.com> To: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> Cc: oss-security@...ts.openwall.com Subject: Re: Security issues addressed in GraphicsMagick SVG reader On Fri, 27 May 2016 09:37:38 -0500 (CDT) Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> wrote: > =========================================== > SVG Security Improvements in GraphicsMagick > =========================================== > > This is a summary of security improvements made to development > GraphicsMagick's SVG reader since the 1.3.23 release. These > improvements were made in response to fuzz testing by Gustavo Grieco > (using Quickfuzz) which and which resulted in CVE-2016-2317 and > CVE-2016-2318. We are thankful that Gustavo has been willing to > continue fuzz testing as improvements have been made. Hi, I'm curious, are these the CVEs for the issues that still have an outstanding CVE request at http://seclists.org/oss-sec/2016/q2/180 - or are they completely unrelated? (If they are indeed the same/related, can you give more details about the exact mapping?) Thanks, -- Stefan Cornelius / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ