Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon,  6 Jun 2016 00:24:29 -0400 (EDT)
From: cve-assign@...re.org
To: jodie.cunningham@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Requesting CVE for ImageMagick DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> 1/24/2015 3c1c3e63 HDR file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195260
>  http://trac.imagemagick.org/changeset/17845
>  http://trac.imagemagick.org/changeset/17846

Use CVE-2015-8900.

There are currently no DNS records for trac.imagemagick.org. It
appears that some or all of the code changes may be on GitHub,
although we have not confirmed that. For example, this HDR issue might
be
https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6


> 1/25/2015 d595506c MIFF file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195265
>  http://trac.imagemagick.org/changeset/17854

Use CVE-2015-8901.


> 1/25/2015 c8ad6aba PDB file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195269
>  http://trac.imagemagick.org/changeset/17855

Use CVE-2015-8902.


> 1/25/2015 783d8806 VICAR file DoS, CPU
>  http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
>  https://bugzilla.redhat.com/show_bug.cgi?id=1195271
>  http://trac.imagemagick.org/changeset/17856

Use CVE-2015-8903.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXVPqDAAoJEHb/MwWLVhi2YnoP/j/OsaE0UGCCqQ9+i6ryS7Ye
i4PWl9Wj+LR843eJDfjT5oi2HwZVFoVP0rOCKqN0P6gj1Qhm1LeaQduY7hBkroXT
zzNA0VombvKRRBwB4+3Bj9RDe74QNos8OoNz6SRJJyu2C/l7qyar6chyE71WxFn9
wOGKk/Hi530cWJ1Cj3ft42nMbdG6eGQmtnmg+/h6Afd9FjD4YSYq/llUD20gVass
oK4nXEUx3CsxiX8YOlbtkuTCIxuKhqb1xSqU0YyNUhTIRMBsywdcxpAplyO0iK43
27s40ay8fSVV0xLg1GOwZ0t+/Ouwbu0iArXfxuzQOcSBaKcguz5NhzONE5vKT0Y5
JpWlc1EvoLzdp0oDawJnfLr4TmTsA90DXgqM9TJXNReUyVB0HJkBFSn2t27HCeUf
Gyvrq7oTkyWJhpJFOLTM+LmkDsXIaw6SlzUn6GSTwsDdEGJ5+C7W4byTkkpGFu9Y
wo0JKrtwMNZQm1pjsV7w+AihnDhdwTyTNdTYrqqTXuPk4luD2T+kyTbB5Z+mba87
chVHoptvOXG96X17EKLjfGjguqjziDE0ddDwbhxI4Z1FD347bXsui4NO2QBHiZ5X
UW8XbWIou2L5MOhxM5M8SIfkEzfROhYstes3C1UC/RIL3SpFCceKqZCl3n/DdIob
kTjGO9x5OCa+DWyPMhnx
=Wtlv
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.