MantisBT - MEGA
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0000155MEGA[All Projects] Feedbackpublic2016-05-11 11:562016-05-11 12:43
Reporterguest 
Assigned Togstecher 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusresolvedResolutionno change required 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
First NameSteven
Last NameKirpes
EmailSteven.J.Kirpes@aphis.usda.gov
Confirm EmailSteven.J.Kirpes@aphis.usda.gov
Summary0000155: MEGA5 question
DescriptionI am an IT customer service professional. My end users use the product MEGA5. I have recently become aware that a security vulnerability has been identified in a software app called ImageMagick. My question is., Does MEGA5, or any of the newer versions of MEGA utilize the ImageMagick application as a software utility within the larger context of MEGA?

Thank you for your assistance.

Steven
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Fileszip human-chimp2.zip (896,003) 1969-12-31 17:33
https://megasoftware.net/mantis_bt/
Issue History
Date ModifiedUsernameFieldChange
2016-05-11 11:56guestNew Issue
2016-05-11 12:43gstecherNote Added: 0003665
2016-05-11 12:43gstecherStatusnew => resolved
2016-05-11 12:43gstecherResolutionopen => no change required
2016-05-11 12:43gstecherAssigned To => gstecher

Notes
(0000074)
gstecher   
1969-12-31 17:33   
For some reason the file did not uplaod correctly. Email me if you need it for testing.
(0000075)
gstecher   
1969-12-31 17:33   
Ok, I zipped up the test data file and it seems to have uploaded correctly
(0000130)
gstecher   
1969-12-31 17:33   
We still need to address this to some degree. Perhaps we can put a note on the progress dialog stating that the alignment is being canceled. One of the people in our lab experienced similar confusion with MEGA 3 Beta 4 when canceling a large alignment.
(0000137)
Nikita Vikhrev   
1969-12-31 17:33   
I found the data file uploaded in wrong place. I FTPed it in the correct place.
(0000141)
Nikita Vikhrev   
1969-12-31 17:33   
Gosh, I have spent two whole days to take care of this problem. Now, cancel works immediately in any timings and the dialog box shows the progress very smoothly and never disappears. Yet, if you apply such huge data, the changes in the progress bar are extremely slow. To show that MEGA is alive and the alignment is going in such cases, I have added the MEGA animation on the dialog box.
(0003665)
gstecher   
2016-05-11 12:43   
Hi Steven,

I am writing in response to your question regarding the MEGA5 software. MEGA5 and MEGA6 use the ImageMagick software to export some results visualizations to png files. However, MEGA does not accept any user input that would be passed along to ImageMagick, and the latest security vulnerability regarding ImageMagick is one where malicious input is not handled properly. The newest version of MEGA (MEGA7) does not use ImageMagick at all and I recommend upgrading to this version.

--
Best regards,

Glen Stecher