Search found 467 matches

by broucaries
2017-07-28T14:03:07-07:00
Forum: Bugs
Topic: Problems with Variety (wallpaper app) after recent Imagemagick update
Replies: 12
Views: 14999

Re: Problems with Variety (wallpaper app) after recent Imagemagick update

Magick I try my best to back port. Reporter could you try to bisect ? The patches are under https://anonscm.debian.org/git/collab-maint/imagemagick.git branch debian-patches/version, it is easy to bisect. You could run test case doing ./magick.sh convert command I am busy with private matter so plea...
by broucaries
2017-04-07T03:12:13-07:00
Forum: Bugs
Topic: Statement about security or not
Replies: 0
Views: 16450

Statement about security or not

Hi,

Just send you a private mail a patches adress to get some information about security implication of one of your patches...

Could you reply privatly if security implication. If not here publicly

Bastien
by broucaries
2017-02-14T14:07:29-07:00
Forum: Users
Topic: Fuzzing but only at one direction
Replies: 4
Views: 6992

Re: Fuzzing but only at one direction

thanks it work better with +2%
by broucaries
2017-02-14T11:00:12-07:00
Forum: Users
Topic: Fuzzing but only at one direction
Replies: 4
Views: 6992

Fuzzing but only at one direction

Hi, I have the following scanned text with a yellowish background that I want to remove. http://nvlpubs.nist.gov/nistpubs/bulletin/03/nbsbulletinv3n2p305_a2b.pdf Under matlab I usually get the average of color here srgba(91%,80%,58%,1) set in hvs colorspace and remove all arround a fuzz 3D ellipsoid...
by broucaries
2016-12-14T08:24:37-07:00
Forum: Bugs
Topic: statement about CVE-2016-9773
Replies: 1
Views: 6214

statement about CVE-2016-9773

https://security-tracker.debian.org/tra ... -2016-9773

Does this is a imagemagick 7 only bug ?

Thanks

bastien
by broucaries
2016-11-24T02:58:16-07:00
Forum: Bugs
Topic: Status of CVE
Replies: 7
Views: 14612

Re: Status of CVE

Relying on mmap failure exit code is fine.

Thank you for our clarification

On the debian side we maintain a corpus of exploit. it is under debian/poc.

If no copyright problem we could maintain this corpus.

We are under alioth for git
by broucaries
2016-11-23T15:49:45-07:00
Forum: Bugs
Topic: Status of CVE
Replies: 7
Views: 14612

Re: Status of CVE

Thanks for this answer. we agree with the first one. However my security team asked for more information about the two other: >Hmm. CVE-2016-8866 is actually assiged for "incomplete fix for >CVE-2016-8862". > >CVE-2016-8862 was assigned here: > >https://marc.info/?l=oss-security&m=1476...
by broucaries
2016-11-21T05:46:39-07:00
Forum: Bugs
Topic: Release often, release early
Replies: 1
Views: 5789

Release often, release early

Hi,

If you found some securities bug could you release fast please. For instance not more than a week.

I know your ressource are limited it is a more a wish
by broucaries
2016-11-21T05:40:25-07:00
Forum: Bugs
Topic: Status of CVE
Replies: 7
Views: 14612

Status of CVE

What are the status of these CVEs ? Could you give me the git commit fixing these problems:

CVE-2016-8862 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)
CVE-2016-8678 heap-based buffer overflow in IsPixelMonochrome
CVE-2016-8866
by broucaries
2016-10-26T12:20:52-07:00
Forum: Bugs
Topic: Pythonmagick FTBFS
Replies: 0
Views: 11003

Pythonmagick FTBFS

by broucaries
2016-08-08T03:09:20-07:00
Forum: Bugs
Topic: small memory leak
Replies: 3
Views: 6824

Re: small memory leak

Does it affect imagemagick 6 ?

Pointer to commit ?
Bastien
by broucaries
2016-08-08T03:08:48-07:00
Forum: Bugs
Topic: Page zero issue
Replies: 2
Views: 6476

Re: Page zero issue

magick seems an API issue and maybe a security one. Could you get a glimpse
by broucaries
2016-08-08T03:07:52-07:00
Forum: Bugs
Topic: CVE-2016-5118 aka 76401e172ea3a55182be2b8e2aca4d07270f6da6
Replies: 3
Views: 7394

CVE-2016-5118 aka 76401e172ea3a55182be2b8e2aca4d07270f6da6

Could we get a statement if CVE-2016-5118 is only Imagemagick 7 ?

Thanks Bastien
by broucaries
2016-03-11T09:25:02-07:00
Forum: Bugs
Topic: JPEG2000 support without libjasper
Replies: 1
Views: 5423

JPEG2000 support without libjasper

Hi,

Due to security reason debian will drop libjasper. Does imagemagick support alternative jpeg library for jpeg2000 ?