Date: Tue, 31 May 2016 08:56:55 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: Stefan Cornelius <scorneli@...hat.com>
cc: oss-security@...ts.openwall.com
Subject: Re: Security issues addressed in GraphicsMagick SVG
 reader

On Tue, 31 May 2016, Stefan Cornelius wrote:

> On Fri, 27 May 2016 09:37:38 -0500 (CDT)
> Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> wrote:
>
>> ===========================================
>> SVG Security Improvements in GraphicsMagick
>> ===========================================
>>
>> This is a summary of security improvements made to development
>> GraphicsMagick's SVG reader since the 1.3.23 release.  These
>> improvements were made in response to fuzz testing by Gustavo Grieco
>> (using Quickfuzz) which resulted in CVE-2016-2317 and
>> CVE-2016-2318.  We are thankful that Gustavo has been willing to
>> continue fuzz testing as improvements have been made.
>
> Hi,
>
> I'm curious, are these the CVEs for the issues that still have an
> outstanding CVE request at http://seclists.org/oss-sec/2016/q2/180 - or
> are they completely unrelated?
>
> (If they are indeed the same/related, can you give more details about
> the exact mapping?)

Gustavo Grieco's CVE request regarding DoS is completely unrelated to 
the listed CVEs (CVE-2016-2317/CVE-2016-2318).  Regardless, fixes were 
made for these two issues as well and are included in the release.

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
