In September I spent 10 hours on the following tasks:

* Research security issues in various packages, such as Asterisk and simplesamlphp.
* Reproduce CVE-2017-14103 in graphicsmagick on Wheezy, Stretch, and Unstable. Note that Stretch and Unstable are marked as fixed, but I am not entirely convinced this is correct, as the exploit fails in exactly the same way.
* Noticed that I could not initially reproduce CVE-2017-14103 on Wheezy because it entered a busy read loop trying to read one byte at a time past EOF for a large number of bytes.
* Patched graphicsmagick to fix both above security issues, uploaded a version, and made it available for testing.

I have not yet had a chance to look at CVE-2017-14504, will do so next month.

--
Brian May <br...@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/