Re: CVE-2016-3714 in ImageMagick
Salvatore Bonaccorso <carnil@debian.org> writes:
> See the discussion about this on
> http://www.openwall.com/lists/oss-security/2016/05/03/19 though.
Thanks for this. I did see it at the time, however didn't get a chance
yet to read it properly.
Also see the comment at the bottom of
https://github.com/ImageMagick/ImageMagick/commit/a347456a1ef3b900c20402f9866992a17eb5d181
It does seem like that these 2 patches combined don't fix CVE-2016-3714
and I can't see anything that attempts to fix CVE-2016-3715 -
CVE-2016-3718 either.
--
Brian May <bam@debian.org>
Reply to: