Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 31 May 2016 08:56:55 -0500 (CDT)
From: Bob Friesenhahn <>
To: Stefan Cornelius <>
Subject: Re: Security issues addressed in GraphicsMagick SVG

On Tue, 31 May 2016, Stefan Cornelius wrote:

> On Fri, 27 May 2016 09:37:38 -0500 (CDT)
> Bob Friesenhahn <> wrote:
>> ===========================================
>> SVG Security Improvements in GraphicsMagick
>> ===========================================
>> This is a summary of security improvements made to development
>> GraphicsMagick's SVG reader since the 1.3.23 release.  These
>> improvements were made in response to fuzz testing by Gustavo Grieco
>> (using Quickfuzz) which and which resulted in CVE-2016-2317 and
>> CVE-2016-2318.  We are thankful that Gustavo has been willing to
>> continue fuzz testing as improvements have been made.
> Hi,
> I'm curious, are these the CVEs for the issues that still have an
> outstanding CVE request at - or
> are they completely unrelated?
> (If they are indeed the same/related, can you give more details about
> the exact mapping?)

Gustavo Grieco's CVE request regarding DoS is completely unrelated to 
the listed CVEs (CVE-2016-2317/CVE-2016-2318).  Regardless, fixes were 
made for these two issues as well and are included in the release.

Bob Friesenhahn,
GraphicsMagick Maintainer,

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ