Hi Bob,

On Tue, Jul 4, 2017 at 12:59 AM, László Böszörményi (GCS)
<[email protected]> wrote:
> On Mon, Jul 3, 2017 at 9:12 PM, Salvatore Bonaccorso <[email protected]> 
> wrote:
>> On Mon, Jul 03, 2017 at 08:56:23PM +0200, Salvatore Bonaccorso wrote:
>> That commit is unfortunately not enough. All related changesets to
>> mat.c since the above one should be taken into account. I got this
>> comment as reply to filling this bugreport directly from Bob
>> Friesenhahn (upstream).
>  I've found seven commits (after releasing 1.3.25), but I think the
> first may not be relevant to the security issue. That is, from 24th of
> October, 2016: "Ability to read multiple images from Matlab V4
> format."
> http://hg.code.sf.net/p/graphicsmagick/code/rev/65694fa21e4f
 This a friendly ping - you noted Salvatore Bonaccorso that the fix of
CVE-2017-10800 spans over multiple commits: does the above one (Matlab
V4 format support) add relevant safety checks for this vulnerability
or vica-versa only add more complexity?

Thanks already,
Laszlo/GCS

Reply via email to