Hi!

On Sat, Apr 05, 2025 at 03:42:46PM +0000, Moritz Mühlenhoff wrote:
> On Sat, Apr 05, 2025 at 04:55:37PM +0200, Salvatore Bonaccorso wrote:
> > I would suggest that we actually wait until the question around
> > https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/210#note_601333
> > is clarified so that we potentially do not need to handle the two CVEs
> > separately.
> >
> > It is not fully clear yet if CVE-2025-27796 is really not affecting
> > bookworm.
>
> Ok, Carlos can you please reach out to graphicsmagick upstream to clarify?

Yes, of course. Actually I was writing a very long [email] to upstream
asking for their opinion (I think I understood how the overflow could
happen, but would like a second opinion) and also to make bug [750]
public so we can really be sure what the problem is.

Cheers,
Charles

[email]: https://sourceforge.net/p/graphicsmagick/mailman/message/59169987/
[750]: https://sourceforge.net/p/graphicsmagick/bugs/750/