Date: Sun, 16 Jun 2019 16:47:30 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz On Sat, Jun 15, 2019 at 11:49:03AM -0400, Alex Gaynor wrote: > A test of a random ImageMagick vulnerability against Ubuntu Xenial shows > that it, indeed, continues to reproduce. > > This is in addition to the >100 security bugs OSS-Fuzz found and publicly > disclosed due to hitting their disclosure deadline, and which still have > not been fixed . Some people have interpreted this as implying there are ">100 security bugs OSS-Fuzz found and publicly disclosed [...], and which still have not been fixed" specifically in ImageMagick. However, at the link you referenced there are currently "only" 38 bugs specifically in ImageMagick, with the rest of the >100 being in other projects: > : > https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=Type%3DBug-Security+status%3ANew+label%3ADeadline-exceeded&colspec=ID+Type+Component+Status+Library+Reported+Summary+Modified&sort=-modified&groupby=&mode=grid&y=Proj&x=--&cells=ids&nobtn=Update Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.