Re: CVE-2016-3714 in ImageMagick

To: Brian May <bam@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: CVE-2016-3714 in ImageMagick
From: William Dauchy <wdauchy@gmail.com>
Date: Thu, 5 May 2016 10:20:06 +0200
Message-id: <[🔎] CAJ75kXb2Cvkr9Cura90jt6_2ATNJVSCGuQi=ngJhheqTvhuRLw@mail.gmail.com>
In-reply-to: <[🔎] 877ff9t00p.fsf@prune.linuxpenguins.xyz>
References: <CAJ75kXYz_q_Je2N4-=CVTxZu+vDgDKJc8OnGCrNJYq=A3eQjvw@mail.gmail.com> <CAJ75kXZ1UgZb96a-YcBGW25O9MDbMo=NsMou01PPG058pV7JeQ@mail.gmail.com> <[🔎] 877ff9t00p.fsf@prune.linuxpenguins.xyz>

Hi Brian,

Thank you for you answer.

On Thu, May 5, 2016 at 9:52 AM, Brian May <bam@debian.org> wrote:
> Thanks for you email.
> Looks like imagemagick in wheezy is vulnerable to CVE-2016-3714 to
> CVE-2016-3718.
> https://security-tracker.debian.org/tracker/source-package/imagemagick
> If I correctly understand you, if both of the patches you mention are
> applied to imagemagick, this will completely fix CVE-2016-3714?

Yes indeed.
https://github.com/ImageMagick/ImageMagick/commit/06c41aba39b97203f6b9a0be6a2ccf8888cddc93
https://github.com/ImageMagick/ImageMagick/commit/a347456a1ef3b900c20402f9866992a17eb5d181
It should be applied to both wheezy and jessie.

-- 
William

Reply to:

Follow-Ups:
- Re: CVE-2016-3714 in ImageMagick
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Re: CVE-2016-3714 in ImageMagick
  - From: Brian May <bam@debian.org>

Prev by Date: Re: CVE-2016-3714 in ImageMagick
Next by Date: Re: CVE-2016-3714 in ImageMagick
Previous by thread: Re: CVE-2016-3714 in ImageMagick
Next by thread: Re: CVE-2016-3714 in ImageMagick
Index(es):
- Date
- Thread