| Anonymous | Login | Signup for a new account | 2024-11-22 13:48 MST |  |
| My View | View Issues | Report Issue | Change Log | Roadmap | My Account |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0000147 | MEGA | [All Projects] Feedback | public | 2016-05-05 10:31 | 2016-05-06 07:46 | ||||
| Reporter | guest | ||||||||
| Assigned To | gstecher | ||||||||
| Priority | normal | Severity | minor | Reproducibility | have not tried | ||||
| Status | resolved | Resolution | no change required | ||||||
| Platform | OS | ||||||||
| Product Version | MEGA-CC 11 (command line version) | ||||||||
| Target Version | Fixed in Version | ||||||||
| Summary | 0000147: Vulnerability in Image Magick released | ||||||||
| Description | Dear help desk, We had a question as to what the impact is of having Image Magick 6.8 installed on Mega 6. Can Image Magick be upgraded independently or would it require an upgrade to Mega 7 (assuming that this version has been upgraded past versions 7.0.1-1 and 6.9.3-10). https://www.us-cert.gov/ncas/current-activity/2016/05/04/ImageMagick-Vulnerability [^] I can be contacted via the attached e-mail or by phone (202) 708-8755. V/r, Josh Jarrell | ||||||||
| Tags | No tags attached. | ||||||||
| Attach Tags | (Separate by ",") | ||||||||
| First Name | Joshua | ||||||||
| Last Name | Jarrell | ||||||||
| Joshua.Jarrell@fsis.usda.gov | |||||||||
| Confirm Email | Joshua.Jarrell@fsis.usda.gov | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0003661) gstecher (administrator) 2016-05-06 07:46 |
Hi Joshua, I am writing in response to your question regarding the MEGA software and ImageMagick. MEGA6 does not install ImageMagick nor does it use ImageMagick that is installed on user's systems but rather MEGA6 is packaged with the ImageMagick libraries that it uses. MEGA6 also does not accept images as user input for processing so the recently reported vulnerability is in theory, not applicable. Upgrading ImageMagick on your system will not affect MEGA6 adversely. However, because some ImageMagick libraries are packaged with MEGA6, installing the newest version of ImageMagick will not remove those libraries. For peace of mind however, you can do the following: Uninstall MEGA6 (this will remove the ImageMagick libraries packaged with MEGA6) Install MEGA7 (starting with version 7, MEGA no longer uses ImageMagick) -- Best regards, Glen Stecher Institute for Genomics and Evolutionary Medicine igem.temple.edu |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2016-05-05 10:31 | guest | New Issue | |
| 2016-05-06 07:46 | gstecher | Note Added: 0003661 | |
| 2016-05-06 07:46 | gstecher | Status | new => resolved |
| 2016-05-06 07:46 | gstecher | Resolution | open => no change required |
| 2016-05-06 07:46 | gstecher | Assigned To | => gstecher |
|
Issue History |
| Copyright © 2000 - 2024 MantisBT Team |
|