Jon, severity in launchpad is mostly unused. (Maybe some teams use it but I'm not aware of them.) Issues that the Ubuntu Security Team tracks are on the Ubuntu CVE Tracker:
https://people.canonical.com/~ubuntu-security/cve/pkg/imagemagick.html Now the bad news -- I don't think the upstream developers have understood the issues and prepared meaningful patches. My full critique is at http://www.openwall.com/lists/oss-security/2016/05/03/19 . Ideally the upstream authors will create patches that do address my concerns (and the concerns raised by the mail.ru security team privately with the upstream authors). There's some suggestions here for mitigations: https://imagetragick.com/ I recommend testing these mitigations in your environment. I also recommend using AppArmor to confine services that allow users to provide images for ImageMagick manipulation. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1578398 Title: ImageMagick Security Issue reported yesterday To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1578398/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
