faizal's picture

Hi Support,

Do you have an older/archived version or VM build?

If so can you point to me the repository for download?

I would need to run a PoC for a demonstration for:

https://imagetragick.com/

 

Many thanks in advance.

Forum: 
Jeremy Davis's picture

TBH, I don't know of the top of my head. However, I think I can help you out here...

Firstly, we still have some older images on our mirror. By the looks, the oldest Gallery image is v14.1 (based on Debian 8/Jessie).

According to the Debian Security page for CVE-2016-3714 the fixed package of imagemagick for Jessie was "8:6.8.9.9-5+deb8u2". So you'd want "8:6.8.9.9-5+deb8u1" (or earlier).

According to the v14.1 Gallery manifest that includes imagemagick package version "8:6.8.9.9-5+deb8u1"! So it looks like you'll be good with v14.1! :)

Keep in mind that you will need to skip the firstboot security updates. If you plan to use this as more than a one off example, you'll also want to disable the auto security updates. Probably the easiest way to stop them from running is to move the cron-apt cron file out of /etc/cron.d, e.g. something like this:

mv  /etc/cron.d/cron-apt  /root/cron-apt

Also FWIW if you want/need to install older packages, that are no longer in the Debian repos, the Debian snapshot repo can be really handy.

faizal's picture

Hi Jeremy,

Thanks for for helping me out. I'll give it a try.

Thanks again.

Add new comment