Hi Bob, On Fri, Dec 21, 2018 at 07:56:24AM -0600, Bob Friesenhahn wrote: > On Fri, 21 Dec 2018, Debian Bug Tracking System wrote: > > > Your message dated Fri, 21 Dec 2018 01:49:12 +0000 > > with message-id <[email protected]> > > and subject line Bug#916719: fixed in graphicsmagick 1.4~hg15873-1 > > has caused the Debian Bug report #916719, > > regarding graphicsmagick: CVE-2018-20185 > > to be marked as done. > > It has been suggested to me by the Suse Linux maintainer that the fix I > submitted for CVE-2018-20185 may be less than adequate. However, I will be > away for 1-1/2 weeks and will not have time to investigate.
Did you found time for further investigation of the report from the SuSE maintainer? Is the original fix as per http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293 not (completely) solving the security issue or incomplete/inadeguate in the sense it introduces some regresssion (e.g. functionality wise)? What was the concern of the SuSE maintainer? Regards, Salvatore
