Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <alpine.GSO.2.20.1705230831540.6623@freddy.simplesystems.org>
Date: Tue, 23 May 2017 08:34:04 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: Thomas Deutschmann <whissi@...too.org>
cc: oss-security@...ts.openwall.com
Subject: Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized
 memory in RLE decoder

On Tue, 23 May 2017, Thomas Deutschmann wrote:

> Hi,
>
> thanks! I received an tiff attachment. Could you please confirm its
> SHA256 sum? I got
>
>> 790EF50E47EDCEF26DF6D6A7EB87B7706C1E32486D0EC3DB46A4E784E75C9DE8

That is what I get here.  Since there seems to be so much interest in 
this file, I include a base64 encoding of it below.

TU0AKgAACAj/AP8I/xD/GP8g/yn/Mf85/0H/Sv9S/1r/Yv9q/3P/e/+D/4v/lP+c/6T/rP+0/73/
xf/N/9X/3v/m/+7/9v//9gD2CPYQ9hj2IPYp9jH2OfZB9kr2UvZa9mL2avZz9nv2g/aL9pT2nPak
9qz2tPa99sX2zfbV9t725vbu9vb2/+4A7gjuEO4Y7iDuKe4x7jnuQe5K7lLuWu5i7mruc+577oPu
i+6U7pzupO6s7rTuve7F7s3u1e7e7ubu7u727v/mAOYI5hDmGOYg5inmMeY55kHmSuZS5lrmYuZq
5nPme+aD5ovmlOac5qTmrOa05r3mxebN5tXm3ubm5u7m9ub/3gDeCN4Q3hjeIN4p3jHeOd5B3kre
Ut5a3mLeat5z3nveg96L3pTenN6k3qzetN693sXezd7V3t7e5t7u3vbe/9UA1QjVENUY1SDVKdUx
1TnVQdVK1VLVWtVi1WrVc9V71YPVi9WU1ZzVpNWs1bTVvdXF1c3V1dXe1ebV7tX21f/NAM0IzRDN
GM0gzSnNMc05zUHNSs1SzVrNYs1qzXPNe82DzYvNlM2czaTNrM20zb3Nxc3NzdXN3s3mze7N9s3/
xQDFCMUQxRjFIMUpxTHFOcVBxUrFUsVaxWLFasVzxXvFg8WLxZTFnMWkxazFtMW9xcXFzcXVxd7F
5sXuxfbF/70AvQi9EL0YvSC9Kb0xvTm9Qb1KvVK9Wr1ivWq9c717vYO9i72UvZy9pL2svbS9vb3F
vc291b3evea97r32vf+0ALQItBC0GLQgtCm0MbQ5tEG0SrRStFq0YrRqtHO0e7SDtIu0lLSctKS0
rLS0tL20xbTNtNW03rTmtO609rT/rACsCKwQrBisIKwprDGsOaxBrEqsUqxarGKsaqxzrHusg6yL
rJSsnKykrKystKy9rMWszazVrN6s5qzurPas/6QApAikEKQYpCCkKaQxpDmkQaRKpFKkWqRipGqk
c6R7pIOki6SUpJykpKSspLSkvaTFpM2k1aTepOak7qT2pP+cAJwInBCcGJwgnCmcMZw5nEGcSpxS
nFqcYpxqnHOce5yDnIuclJycnKScrJy0nL2cxZzNnNWc3pzmnO6c9pz/lACUCJQQlBiUIJQplDGU
OZRBlEqUUpRalGKUapRzlHuUg5SLlJSUnJSklKyUtJS9lMWUzZTVlN6U5pTulPaU/4sAiwiLEIsY
iyCLKYsxizmLQYtKi1KLWotii2qLc4t7i4OLi4uUi5yLpIusi7SLvYvFi82L1Yvei+aL7ov2i/+D
AIMIgxCDGIMggymDMYM5g0GDSoNSg1qDYoNqg3ODe4ODg4uDlIOcg6SDrIO0g72DxYPNg9WD3oPm
g+6D9oP/ewB7CHsQexh7IHspezF7OXtBe0p7Untae2J7antze3t7g3uLe5R7nHuke6x7tHu9e8V7
zXvVe9575nvue/Z7/3MAcwhzEHMYcyBzKXMxczlzQXNKc1JzWnNic2pzc3N7c4Nzi3OUc5xzpHOs
c7RzvXPFc81z1XPec+Zz7nP2c/9qAGoIahBqGGogailqMWo5akFqSmpSalpqYmpqanNqe2qDaotq
lGqcaqRqrGq0ar1qxWrNatVq3mrmau5q9mr/YgBiCGIQYhhiIGIpYjFiOWJBYkpiUmJaYmJiamJz
Yntig2KLYpRinGKkYqxitGK9YsVizWLVYt5i5mLuYvZi/1oAWghaEFoYWiBaKVoxWjlaQVpKWlJa
WlpiWmpac1p7WoNai1qUWpxapFqsWrRavVrFWs1a1VreWuZa7lr2Wv9SAFIIUhBSGFIgUilSMVI5
UkFSSlJSUlpSYlJqUnNSe1KDUotSlFKcUqRSrFK0Ur1SxVLNUtVS3lLmUu5S9lL/SgBKCEoQShhK
IEopSjFKOUpBSkpKUkpaSmJKakpzSntKg0qLSpRKnEqkSqxKtEq9SsVKzUrVSt5K5kruSvZK/0EA
QQhBEEEYQSBBKUExQTlBQUFKQVJBWkFiQWpBc0F7QYNBi0GUQZxBpEGsQbRBvUHFQc1B1UHeQeZB
7kH2Qf85ADkIORA5GDkgOSk5MTk5OUE5SjlSOVo5YjlqOXM5ezmDOYs5lDmcOaQ5rDm0Ob05xTnN
OdU53jnmOe459jn/MQAxCDEQMRgxIDEpMTExOTFBMUoxUjFaMWIxajFzMXsxgzGLMZQxnDGkMawx
tDG9McUxzTHVMd4x5jHuMfYx/ykAKQgpECkYKSApKSkxKTkpQSlKKVIpWiliKWopcyl7KYMpiymU
KZwppCmsKbQpvSnFKc0p1SneKeYp7in2Kf8gACAIIBAgGCAgICkgMSA5IEEgSiBSIFogYiBqIHMg
eyCDIIsglCCcIKQgrCC0IL0gxSDNINUg3iDmIO4g9iD/GAAYCBgQGBgYIBgpGDEYORhBGEoYUhha
GGIYahhzGHsYgxiLGJQYnBikGKwYtBi9GMUYzRjVGN4Y5hjuGPYY/xAAEAgQEBAYECAQKRAxEDkQ
QRBKEFIQWhBiEGoQcxB7EIMQixCUEJwQpBCsELQQvRDFEM0Q1RDeEOYQ7hD2EP8IAAgICBAIGAgg
CCkIMQg5CEEISghSCFoIYghqCHMIewiDCIsIlAicCKQIrAi0CL0IxQjNCNUI3gjmCO4I9gj/AAAA
CAAQABgAIAApADEAOQBBAEoAUgBaAGIAagBzAHsAgwCLAJQAnACkAKwAtAC9AMUAzQDVAN4A5gDu
APYA/wARAQAAAwAAAAEAIgAAAQEAAwAAAAEAMAAAAQIAAwAAAAIACAAIAQMAAwAAAAEAAQAAAQYA
AwAAAAEABQAAAREABAAAAAEAAAAIARIAAwAAAAEAAQAAARUAAwAAAAEAAgAAARYAAwAAAAEAIAAA
ARcABAAAAAEAAAgAARoABQAAAAEAAAjaARsABQAAAAEAAAjiARwAAwAAAAEAAQAAASgAAwAAAAEA
AgAAAVIAAwAAAAEAAgAAAVMAAwAAAAIAAQABh3MABwAAAAAAAABIAAA=

Bob
-- 
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.