[Bug 1796563] Re: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation

Steve Dodd 1796563 at bugs.launchpad.net
Sun Oct 7 17:35:47 UTC 2018


Yeah, but it's not immediately obvious if you're not familiar with
imagemagick internals (I certainly didn't know what policy.xml was), and
it's part of 70 lines of changes.

Given this is flat out disabling a big chunk of functionality in
something frequently used as part of other programs / scripts, in an LTS
release, a mention in NEWS or README or something might be an idea. Or
at least a more verbose changelog entry.

Is this the recommended long-term solution to whatever the underlying
vulnerability is, or is it a stop-gap until something else - I assume
ghostscript - is properly patched?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1796563

Title:
  8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation

Status in imagemagick package in Ubuntu:
  New

Bug description:
  8:6.8.9.9-7ubuntu5.13 breaks the convert command as used by my home-
  brew document management system:

  $ convert -density 200 -quality 40 null: 10-07-dvla.pdf 10-07-dvla.jpg
  convert: not authorized `10-07-dvla.pdf' @ error/constitute.c/ReadImage/412.

  I appreciate that this is likely a security fix for something, but I
  can find no useful information in the changelog.Debian or NEWS files
  on what has changed, and what I should do to restore previous
  functionality.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: imagemagick 8:6.8.9.9-7ubuntu5.13
  ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
  Uname: Linux 4.15.0-33-generic x86_64
  NonfreeKernelModules: qnx4 hfsplus hfs minix ntfs jfs i915 snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp snd_hda_codec_realtek snd_hda_codec_generic dcdbas snd_hda_intel snd_hda_codec snd_hda_core intel_cstate dell_wmi intel_rapl_perf dell_smbios_wmi dell_smbios wmi_bmof sparse_keymap dell_wmi_descriptor cp210x usbserial mei_me mei shpchp intel_pch_thermal mac_hid vhci_hcd usbip_core r8169 wmi
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Sun Oct  7 14:35:08 2018
  InstallationDate: Installed on 2017-01-08 (637 days ago)
  InstallationMedia: Xubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
  SourcePackage: imagemagick
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions
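
Added example, not part of the original message or of the Ubuntu package: a small Python check that reads an ImageMagick policy.xml and lists the coder rules that withhold the read right for a format such as PDF, which is the condition reported as "not authorized". The sample policy and the function names are constructed for illustration; it assumes a matching coder rule without "read" blocks reading, and does not model how rule precedence differs between ImageMagick versions.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not copied from any package: coder rules of the kind
# that make convert refuse PDF input.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS"/>
  <policy domain="coder" rights="none" pattern="{EPS,PDF}"/>
  <policy domain="coder" rights="read|write" pattern="PNG"/>
  <policy domain="delegate" rights="none" pattern="HTTPS"/>
</policymap>"""


def expand(pattern):
    """Expand one top-level {A,B} alternation; other globs pass through."""
    if pattern.startswith("{") and pattern.endswith("}"):
        return [p.strip() for p in pattern[1:-1].split(",")]
    return [pattern]


def blocking_rules(policy_xml, fmt, right="read"):
    """Return (pattern, rights) for coder rules that match fmt and lack `right`."""
    hits = []
    for pol in ET.fromstring(policy_xml).iter("policy"):
        if pol.get("domain", "").lower() != "coder":
            continue  # resource, delegate, path rules are out of scope here
        pattern = pol.get("pattern", "")
        rights = pol.get("rights", "none").lower()
        granted = {r.strip() for r in rights.split("|")}
        matches = any(fnmatch.fnmatchcase(fmt.upper(), p.upper())
                      for p in expand(pattern))
        if matches and right not in granted:
            hits.append((pattern, rights))
    return hits


if __name__ == "__main__":
    # Usage: check_policy.py [policy.xml] [FORMAT]; defaults to the sample and PDF.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_POLICY
    fmt = sys.argv[2] if len(sys.argv) > 2 else "PDF"
    for pattern, rights in blocking_rules(data, fmt):
        print(f"{fmt}: read blocked by coder rule pattern={pattern!r} rights={rights!r}")
```
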


