Legacy ImageMagick Discussions Archive

broucaries

Magick I try my best to back port. Reporter could you try to bisect ? The patches are under https://anonscm.debian.org/git/collab-maint/imagemagick.git branch debian-patches/version, it is easy to bisect. You could run test case doing ./magick.sh convert command I am busy with private matter so ...

broucaries

Hi,

Just send you a private mail a patches adress to get some information about security implication of one of your patches...

Could you reply privatly if security implication. If not here publicly

Bastien

broucaries

thanks it work better with +2%

broucaries

Hi, I have the following scanned text with a yellowish background that I want to remove. http://nvlpubs.nist.gov/nistpubs/bulletin/03/nbsbulletinv3n2p305_a2b.pdf Under matlab I usually get the average of color here srgba(91%,80%,58%,1) set in hvs colorspace and remove all arround a fuzz 3D ellipsoid ...

broucaries

https://security-tracker.debian.org/tra ... -2016-9773

Does this is a imagemagick 7 only bug ?

Thanks

bastien

broucaries

Relying on mmap failure exit code is fine.

Thank you for our clarification

On the debian side we maintain a corpus of exploit. it is under debian/poc.

If no copyright problem we could maintain this corpus.

We are under alioth for git

broucaries

Thanks for this answer. we agree with the first one. However my security team asked for more information about the two other: >Hmm. CVE-2016-8866 is actually assiged for "incomplete fix for >CVE-2016-8862". > >CVE-2016-8862 was assigned here: > >https://marc.info/?l=oss-security&m=147694131710754&w ...

broucaries

Hi,

If you found some securities bug could you release fast please. For instance not more than a week.

I know your ressource are limited it is a more a wish

broucaries

What are the status of these CVEs ? Could you give me the git commit fixing these problems:

CVE-2016-8862 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)
CVE-2016-8678 heap-based buffer overflow in IsPixelMonochrome
CVE-2016-8866

broucaries

Could you get a glimpse at :

https://github.com/ImageMagick/PythonMagick/issues/5

broucaries

Could we get also statement about CVE-2016-6520 aka https://github.com/ImageMagick/ImageMag ... 07270f6da6

broucaries

Does it affect imagemagick 6 ?

Pointer to commit ?
Bastien

broucaries

magick seems an API issue and maybe a security one. Could you get a glimpse

broucaries

Could we get a statement if CVE-2016-5118 is only Imagemagick 7 ?

Thanks Bastien

broucaries

Hi,

Due to security reason debian will drop libjasper. Does imagemagick support alternative jpeg library for jpeg2000 ?

Legacy ImageMagick Discussions Archive

Search found 467 matches

Re: Problems with Variety (wallpaper app) after recent Imagemagick update

Statement about security or not

Re: Fuzzing but only at one direction

Fuzzing but only at one direction

statement about CVE-2016-9773

Re: Status of CVE

Re: Status of CVE

Release often, release early

Status of CVE

Pythonmagick FTBFS

Re: CVE-2016-5118 aka 76401e172ea3a55182be2b8e2aca4d07270f6da6

Re: small memory leak

Re: Page zero issue

CVE-2016-5118 aka 76401e172ea3a55182be2b8e2aca4d07270f6da6

JPEG2000 support without libjasper