[Pkg-gmagick-im-team] Bug#907336: still relevant? revert?

Tomas Pospisek tpo at sourcepole.ch
Wed Sep 1 09:19:28 BST 2021

Dear ImageMagick Packaging Team,

Short version: is it safe today to reenable PDF/PS conversion again these 

Long version:

Today I was affected by the problem reported in [1], notably:

     convert: attempt to perform an operation not allowed by the security
     policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.

When I check /etc/ImageMagick-6/policy.xml I see that plenty of 
conversions to/from (?) PDF/(E)PS* are apparently disabled by default as 
delivered by Debian. Which actually covers part of the requests in this 
(#907336) bugreport.

The mentioned stackoverflow Q&A however mentions that:

> Make sure ghostscript is updated kb.cert.org/vuls/id/332928

Which refers to a fix in Ghostscript 9.24 which is ages ago when compared 
to the Ghostscript version 9.53 currently in Debian stable.

I have *zero* insight into the issues leading to PDF/PS conversion being 
disabled in Debian and if they still are relevant and still are of 
the same concern as they were at the times before Ghostscript 9.24.

Or posed differently: does it make sense to reevaluate these issues and - 
if it turns out they are of no concern any more today - could the 
respective converters be re-enabled by default again?

Thanks a lot for maintaining ImageMagick! Greetings,

[1] https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion

More information about the Pkg-gmagick-im-team mailing list