oss-sec mailing list archives
Re: ImageMagick Is On Fire -- CVE-2016-3714
From: Sven Kieske <s.kieske () mittwald de>
Date: Fri, 20 May 2016 14:54:45 +0200
On 19/05/16 19:07, Bob Friesenhahn wrote:
As an example Ubuntu 14.04.4 LTS (which is supposed to be getting security updates) has not provided ImageMagick or GraphicsMagick package updates in 3 years.
Hi, as you can see here: http://packages.ubuntu.com/trusty/graphicsmagick GM in Ubuntu resides in the "universe" repository When you read up about "universe" here: https://help.ubuntu.com/community/Repositories/Ubuntu you will see that: "Universe - Community maintained software, i.e. not officially supported software." which means all software from universe is _not_ officially supported by canonical and thus receives only timely updates, if a community member picks up the necessary work. Too also quote from https://wiki.ubuntu.com/LTS "The LTS designation applies only to specific subsets of the Ubuntu archive." See also this (german) article about packages which do not get security updates in Ubuntu "LTS" releases, because they are only community maintained: http://www.heise.de/ct/artikel/Ubuntu-LTS-Langzeitpflege-gibt-es-nur-fuer-das-Wichtigste-3179960.html There is also a command line tool to find out about unsupported packages: ubuntu-support-status --show-unsupported HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +495772 293100 F: +495772 293333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: ImageMagick Is On Fire -- CVE-2016-3714, (continued)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Jeremy Stanley (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Kurt Seifried (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon McVittie (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 John Lightsey (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 20)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon Lees (May 20)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Thomas Klausner (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Sven Kieske (May 20)