List: oss-security
Subject: Re: [oss-security] Security issues addressed in GraphicsMagick SVG reader
From: Bob Friesenhahn <bfriesen () simple ! dallas ! tx ! us>
Date: 2016-05-31 13:56:55
Message-ID: alpine.GSO.2.20.1605310854360.4552 () freddy ! simplesystems ! org
On Tue, 31 May 2016, Stefan Cornelius wrote:
> On Fri, 27 May 2016 09:37:38 -0500 (CDT)
> Bob Friesenhahn <bfriesen@simple.dallas.tx.us> wrote:
>
>> ===========================================
>> SVG Security Improvements in GraphicsMagick
>> ===========================================
>>
>> This is a summary of security improvements made to development
>> GraphicsMagick's SVG reader since the 1.3.23 release. These
>> improvements were made in response to fuzz testing by Gustavo Grieco
>> (using Quickfuzz) which resulted in CVE-2016-2317 and
>> CVE-2016-2318. We are thankful that Gustavo has been willing to
>> continue fuzz testing as improvements have been made.
>
> Hi,
>
> I'm curious, are these the CVEs for the issues that still have an
> outstanding CVE request at http://seclists.org/oss-sec/2016/q2/180 - or
> are they completely unrelated?
>
> (If they are indeed the same/related, can you give more details about
> the exact mapping?)
Gustavo Grieco's CVE request regarding DoS is completely unrelated to
the listed CVEs (CVE-2016-2317/CVE-2016-2318). Regardless, fixes were
made for these two issues as well and are included in the release.
Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/