FYI: I CCed the debian-lts list. William Dauchy <wdau...@gmail.com> writes:
> On Wed, May 4, 2016 at 4:17 PM, William Dauchy <wdau...@gmail.com> wrote: >> I was looking at your last upload: >> https://packages.qa.debian.org/i/imagemagick/news/20160504T124217Z.html >> >> Could you make sure to also integrate >> https://github.com/ImageMagick/ImageMagick/commit/a347456a1ef3b900c20402f9866992a17eb5d181 >> in order to completely fix CVE-2016-3714 > > Sorry I forgot to mention, it goes along with > https://github.com/ImageMagick/ImageMagick/commit/06c41aba39b97203f6b9a0be6a2ccf8888cddc93 > which was marked as incomplete Hello, Thanks for you email. Looks like imagemagick in wheezy is vulnerable to CVE-2016-3714 to CVE-2016-3718. https://security-tracker.debian.org/tracker/source-package/imagemagick If I correctly understand you, if both of the patches you mention are applied to imagemagick, this will completely fix CVE-2016-3714? Thanks -- Brian May <b...@debian.org>