[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2016-3714 in ImageMagick

Hi,

On Thu, May 05, 2016 at 10:20:06AM +0200, William Dauchy wrote:
> Hi Brian,
> 
> Thank you for you answer.
> 
> On Thu, May 5, 2016 at 9:52 AM, Brian May <bam@debian.org> wrote:
> > Thanks for you email.
> > Looks like imagemagick in wheezy is vulnerable to CVE-2016-3714 to
> > CVE-2016-3718.
> > https://security-tracker.debian.org/tracker/source-package/imagemagick
> > If I correctly understand you, if both of the patches you mention are
> > applied to imagemagick, this will completely fix CVE-2016-3714?
> 
> Yes indeed.
> https://github.com/ImageMagick/ImageMagick/commit/06c41aba39b97203f6b9a0be6a2ccf8888cddc93
> https://github.com/ImageMagick/ImageMagick/commit/a347456a1ef3b900c20402f9866992a17eb5d181
> It should be applied to both wheezy and jessie.

See the discussion about this on
http://www.openwall.com/lists/oss-security/2016/05/03/19 though.

Regards,
Salvatore
Reply to: