On Tue, 2018-09-11 at 07:40 +0100, John Cupitt via gtk-devel-list wrote:
> On Tue, 11 Sep 2018 at 03:11, Magnus Bergman
> <magnus.berg...@snisurset.net> wrote:
> > On Tue, 11 Sep 2018 00:07:27 +0200
> > Bastien Nocera <had...@hadess.net> wrote:
> > > No, it really isn't:
> > > https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
> > >
> > > We want to have less CVEs, not more.
> >
> > I see what you mean. A few of them (although none of the more
> > serious ones) were even related to the GIF loader specifically.
> > But the sheer volume kind of speaks for itself otherwise. :(
>
> IM joined Google's OSS-Fuzz programme last year:
>
> https://github.com/google/oss-fuzz
>
> The huge surge in CVEs was caused by that --- they've been fixing one
> or two a day ever since. Once they are through this very painful
> process, IM ought to be rather safe.
>
> I do agree though that it's a large and complex thing to use for such
> a (relatively) simple task.

I maintained ImageMagick in RHEL a long time ago; it was already that way, though security issues cropped up a bit less often than every day (!). I don't see any reason for us to want to use it.