Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564

To: debian-lts@lists.debian.org
Subject: Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
From: Brian May <bam@debian.org>
Date: Thu, 09 Jun 2016 17:24:15 +1000
Message-id: <[🔎] 87wply3jvk.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 87ziqv2tpx.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 878tyg3y7r.fsf@prune.linuxpenguins.xyz> <[🔎] 87ziqv2tpx.fsf@prune.linuxpenguins.xyz>

Brian May <bam@debian.org> writes:

> DrawDashPolygon had the following change:
>
> - for (i=1; (i < number_vertices) && (length >= 0.0); i++)
> + for (i=1; (i < (ssize_t) number_vertices) && (length >= 0.0); i++)

Actually just noticed this change is a NOP. Both i and number_vertices
are of type size_t.

> Alternatively, DrawDashPolygon uses DrawStrokePolygon a lot, which in
> turn uses TraceStrokePolygon, which gets on to the next CVE:
> Am inclined to:
>
> 1. Patch TraceStrokePolygon.
> 2. Mark CVE-2016-4563 as fixed in wheezy (but this does not mean it is
> fixed in Jessie or above - probably need to check the Jessie version first).
> 3. Mark CVE-2016-4562 as not vulnerable.

I will leave CVE-2016-4562 as vulerable. It is possible that the fixes
to TraceStrokePolygon fixed this as well as CVE-2016-4563, but we can't
tell that for certain.

> 4. Leave CVE-2016-4564 as vulnerable.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
  - From: Brian May <bam@debian.org>
- Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
  - From: Brian May <bam@debian.org>

Prev by Date: Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
Next by Date: Re: Re: Wheezy update of roundcube?
Previous by thread: Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
Next by thread: Re: imagemagick CVE-2016-4562, CVE-2016-4563, CVE-2016-4564
Index(es):
- Date
- Thread