On Sat, 5 Jan 2019, Salvatore Bonaccorso wrote:

Hi Bob,

On Fri, Dec 21, 2018 at 07:56:24AM -0600, Bob Friesenhahn wrote:
On Fri, 21 Dec 2018, Debian Bug Tracking System wrote:

Your message dated Fri, 21 Dec 2018 01:49:12 +0000
with message-id <e1ga9w8-0009rq...@fasolo.debian.org>
and subject line Bug#916719: fixed in graphicsmagick 1.4~hg15873-1
has caused the Debian Bug report #916719,
regarding graphicsmagick: CVE-2018-20185
to be marked as done.

It has been suggested to me by the Suse Linux maintainer that the fix I
submitted for CVE-2018-20185 may be less than adequate.  However, I will be
away for 1-1/2 weeks and will not have time to investigate.

Did you find time for further investigation of the report from the
SuSE maintainer? Is the original fix as per
http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293 not
(completely) solving the security issue or incomplete/inadequate in
the sense it introduces some regression (e.g. functionality wise)?

What was the concern of the SuSE maintainer?

I am back from vacation but have not investigated the issue yet.

Petr Gajdos referred me to this Suse issue:

  https://bugzilla.suse.com/show_bug.cgi?id=1119823#c1

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
Public Key,     http://www.simplesystems.org/users/bfriesen/public-key.txt
