
graphicsmagick / CVE-2016-7447

Does suspicion of vulnerability count as requiring a security fix?

From upstream: "EscapeParenthesis(): I was notified by Gustavo Grieco of
a heap overflow in EscapeParenthesis() used in the text annotation
code. While not being able to reproduce the issue, the implementation of
this function is completely redone. This issue was assigned
CVE-2016-7447 after the release."

The update is:


While the code is a significant improvement on the old code, does this
justify a security update?

Possibly the answer is Yes, when combined with fixes for the other
security issues against graphicsmagick. Thought I should check here
Brian May <brian@linuxpenguins.xyz>
