Date: Tue, 31 May 2016 08:56:55 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: Stefan Cornelius <scorneli@...hat.com>
cc: oss-security@...ts.openwall.com
Subject: Re: Security issues addressed in GraphicsMagick SVG reader

On Tue, 31 May 2016, Stefan Cornelius wrote:

> On Fri, 27 May 2016 09:37:38 -0500 (CDT)
> Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> wrote:
>
>> ===========================================
>> SVG Security Improvements in GraphicsMagick
>> ===========================================
>>
>> This is a summary of security improvements made to development
>> GraphicsMagick's SVG reader since the 1.3.23 release. These
>> improvements were made in response to fuzz testing by Gustavo Grieco
>> (using Quickfuzz) which resulted in CVE-2016-2317 and
>> CVE-2016-2318. We are thankful that Gustavo has been willing to
>> continue fuzz testing as improvements have been made.
>
> Hi,
>
> I'm curious, are these the CVEs for the issues that still have an
> outstanding CVE request at http://seclists.org/oss-sec/2016/q2/180 - or
> are they completely unrelated?
>
> (If they are indeed the same/related, can you give more details about
> the exact mapping?)

Gustavo Grieco's CVE request regarding DoS is completely unrelated to
the listed CVEs (CVE-2016-2317/CVE-2016-2318). Regardless, fixes were
made for these two issues as well and are included in the release.

Bob
--
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/