Date: Fri, 20 May 2016 14:54:45 +0200 From: Sven Kieske <s.kieske@...twald.de> To: <oss-security@...ts.openwall.com> Subject: Re: ImageMagick Is On Fire -- CVE-2016-3714 On 19/05/16 19:07, Bob Friesenhahn wrote: > > As an example Ubuntu 14.04.4 LTS (which is supposed to be getting > security updates) has not provided ImageMagick or GraphicsMagick > package updates in 3 years. Hi, as you can see here: http://packages.ubuntu.com/trusty/graphicsmagick GM in Ubuntu resides in the "universe" repository When you read up about "universe" here: https://help.ubuntu.com/community/Repositories/Ubuntu you will see that: "Universe - Community maintained software, i.e. not officially supported software." which means all software from universe is _not_ officially supported by canonical and thus receives only timely updates, if a community member picks up the necessary work. Too also quote from https://wiki.ubuntu.com/LTS "The LTS designation applies only to specific subsets of the Ubuntu archive." See also this (german) article about packages which do not get security updates in Ubuntu "LTS" releases, because they are only community maintained: http://www.heise.de/ct/artikel/Ubuntu-LTS-Langzeitpflege-gibt-es-nur-fuer-das-Wichtigste-3179960.html There is also a command line tool to find out about unsupported packages: ubuntu-support-status --show-unsupported HTH -- Mit freundlichen Grüßen / Regards Sven Kieske Systemadministrator Mittwald CM Service GmbH & Co. KG Königsberger Straße 6 32339 Espelkamp T: +495772 293100 F: +495772 293333 https://www.mittwald.de Geschäftsführer: Robert Meyer St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ