Hi Bob,

On Tue, Jul 4, 2017 at 12:59 AM, László Böszörményi (GCS) <[email protected]> wrote:
> On Mon, Jul 3, 2017 at 9:12 PM, Salvatore Bonaccorso <[email protected]>
> wrote:
>> On Mon, Jul 03, 2017 at 08:56:23PM +0200, Salvatore Bonaccorso wrote:
>> That commit is unfortunately not enough. All related changesets to
>> mat.c since the above one should be taken into account. I got this
>> comment as reply to filing this bug report directly from Bob
>> Friesenhahn (upstream).
> I've found seven commits (after releasing 1.3.25), but I think the
> first may not be relevant to the security issue. That is, from 24th of
> October, 2016: "Ability to read multiple images from Matlab V4
> format."
> http://hg.code.sf.net/p/graphicsmagick/code/rev/65694fa21e4f

This is a friendly ping - you noted to Salvatore Bonaccorso that the fix of CVE-2017-10800 spans over multiple commits: does the above one (Matlab V4 format support) add relevant safety checks for this vulnerability or, vice versa, only add more complexity?

Thanks already,
Laszlo/GCS

