Hi Andreas, On Mon, Mar 02, 2020 at 01:45:04PM +0000, Debian Bug Tracking System wrote: > Hello Andreas, > > I think I've fixed these bugs indeed, a few months ago. > > Regards, > > David. > > PS : I'm sorry but I don't write Changelog for CImg anymore. Not > that I don't maintain it, but it write my changes directly in the > Changelog of the G'MIC project.
So this means 2.8.4 upstream contains the fix for CVE-2018-7587, any pointers to the upstream commit which fixed the issue, was it fixed before 2.8.4? Many thanks in advance, Regards, Salvatore
