[Bug 1707015] Re: image composite functions not working in php

Launchpad Bug Tracker 1707015 at bugs.launchpad.net
Mon Jul 31 16:49:01 UTC 2017 

This bug was fixed in the package imagemagick - 8:6.8.9.9-7ubuntu5.9

---------------
imagemagick (8:6.8.9.9-7ubuntu5.9) xenial-security; urgency=medium

  * SECURITY REGRESSION: image composite function regression (LP: #1707015)
    - disabled the following patches which cause issue:
      0224-Ensure-token-does-not-overflow.patch,
      0225-Fix-off-by-one-error-when-checking-token-length.patch,
      0226-Use-proper-cast.patch.

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 28 Jul 2017
14:22:17 -0400

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1707015

Title:
  image composite functions not working in php

Status in imagemagick package in Ubuntu:
  Invalid
Status in imagemagick source package in Trusty:
  Fix Released
Status in imagemagick source package in Xenial:
  Fix Released
Status in imagemagick package in Debian:
  Unknown

Bug description:
  We use php-imagick to make image compositions on our servers.  On July
  25 we got an upgrade of imagemagick, from 6.8.9.9-7ubuntu5.7 to
  8:6.8.9.9-7ubuntu5.8.  After that upgrade our webservers, using the
  php imagick bindings, stopped making composites.  The composite images
  just have the background layer showing, with no overlay layer
  composited on top.

  In PHP there are no errors or exceptions, and other imagick functions
  work fine.  Reading images, scaling, making new images, rendering to
  bytes, all work fine.  It is only the composite functions, in php
  bindings, that are not working.

  I downgraded our webservers to imagemagick 6.8.9.9-7ubuntu5, which is
  still available in the ubuntu archives, and the php composite
  functions started working again.  6.8.9.9-7ubuntu5.7 is no longer
  available in the archives
  (http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/).

  A test script to reproduce the bug is attached to this ticket.  On
  version 6.8.9.9-7ubuntu5 this will show the ubuntu logo over a gray
  background.  On the latest version, 6.8.9.9-7ubuntu5.8, this will show
  garbled fragments of the ubuntu logo over gray background, or perhaps
  just an empty gray background.

  This bug was identified on Ubuntu 16.04.2 LTS as a result of an
  automatic upgrade from ubuntu security.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1707015/+subscriptions

More information about the foundations-bugs mailing list