oss-sec mailing list archives

Re: Imagemagick fuzzing bug


From: Bastien ROUCARIES <roucaries.bastien () gmail com>
Date: Thu, 1 Jan 2015 15:41:50 +0100

On Wed, Dec 24, 2014 at 10:32 PM, Gynvael Coldwind <gynvael () coldwind pl> wrote:
Hey,

Original reporter from google side here.


You are aware that there is graphicsmagick which shares lots of code
with im (it's an early fork)? It'd be nice to also report these issues
to them if they apply. (I also reported a couple of issues in both
im/gm lately and devs were always quick to fix things)


Do you know if either im or gm backport fixes from each other?
I fuzzed only im, so I've reported to im. I don't mind reporting to both in
the future, but if they DO backport fixes, that would lead into collisions
(i.e. two different fixes for one bug, makes merging harder).

Usually I ask for Debian graphicsmagick to check the code condition.
But to my best knowledge they do not backport, except if you ask. So
you should try your image on graphicsmagick and check if it crashes.

BTW one patch was not correct, please find the updated patch queue here:
http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian-patches/6.8.9.9-5

I have backported to 6.7.7.10 here
http://anonscm.debian.org/cgit/collab-maint/imagemagick.git/log/?h=debian/6.7.7.10-5%2bdeb7u4
(not yet fully tested)

And I plan to backport to 6.6.0.4

Bastien

Cheers,
Gynvael

