[Pkg-gmagick-im-team] Bug#987504: imagemagick: attempt to perform an operation not allowed by the security policy `EPS'
Moritz Mühlenhoff
jmm at inutil.org
Thu Jun 3 19:00:33 BST 2021
On Wed, May 19, 2021 at 08:49:01PM +0200, Paul Gevers wrote:
> Hi,
>
> First off, thanks Adrian for raising the concern. In general, at this
> stage we don't like packages breaking other packages.
This should have been fixed in unstable for a long time, I pinged the maintainer
multiple times even. imagemagick badly needs co-maintainers, the current state
is not sustainable at all. imagemagick only saw one maintainer upload in 2020...
> If I understand correctly, not having this patch in bullseye can be
> considered a security regression.
Yes, we should not revert this and rather fix fallout in the handful
of affected packages. This patch e.g. prevented the exploitability of
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
and will prevent other issues in the future.
Cheers,
Moritz