[Pkg-gmagick-im-team] Bug#1032998: imagemagick: font issue since 8:6.9.10.23+dfsg-2.1+deb10u2
Utkarsh Gupta
guptautkarsh2102 at gmail.com
Thu Mar 16 12:13:49 GMT 2023
Hi Bastien,
Did you look at the following bug report?
- u
On Wed, Mar 15, 2023 at 8:09 PM Maxime Besson <maxime.besson at worteks.com> wrote:
>
> Package: imagemagick
> Version: 8:6.9.10.23+dfsg-2.1+deb10u2
> Severity: normal
>
> Dear Maintainer,
>
> After updating to 8:6.9.10.23+dfsg-2.1+deb10u2, libgd-securityimage-perl
> does not work anymore because of the CVE-2022-44267 and CVE-2022-44268
> mitigation:
>
> <policy domain="path" rights="none" pattern="/etc/*" />
>
> Removing this line from /etc/ImageMagick-6/policy.xml restores correct
> behavior.
>
> Here is a test script that tries to generate a Captcha
>
> use GD::SecurityImage use_magick => 1;
>
> my $image = GD::SecurityImage->new(
> width => 200,
> height => 100,
> lines => 4,
> gd_font => 'Giant',
> scramble => 1,
> rndmax => 10,
> );
> $image->random;
> $image->create( 'normal', 'default', "#403030", "#FF644B");
> print $image->out( force => 'png' );
>
> The update breaks usage of fonts, and causes warnings to be printed, and
> the image to be missing any text (which is bad for a Captcha), likely
> due to the fact that font configuration files for ImageMagick are in /etc.
>
> -- Package-specific info:
> ImageMagick program version
> ---------------------------
>
> -- System Information:
> Debian Release: 10.13
> APT prefers oldstable-updates
> APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/6 CPU cores; PREEMPT)
> Kernel taint flags: TAINT_WARN
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
>
> -- Configuration Files:
> /etc/ImageMagick-6/policy.xml changed [not included]
>
> -- no debconf information
>
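
The effect described in the report, as an added example that is not part of the original thread or of ImageMagick: a small audit that lists which `rights="none"` path rules in a policy file match a given set of paths. Only the `/etc/*` rule is taken from the report; the sample policy wrapper, the probe paths (including the assumed font configuration file `/etc/ImageMagick-6/type.xml`) and the function names are assumptions, and Python's `fnmatch` is used as an approximation of ImageMagick's own glob matching.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample policy; only the path rule itself is quoted from the report.
SAMPLE_POLICY = """<policymap>
  <policy domain="coder" rights="read|write" pattern="PNG" />
  <policy domain="path" rights="none" pattern="/etc/*" />
</policymap>"""

# Constructed probe paths. The type.xml location is an assumption about
# where the font configuration mentioned in the report lives.
PROBES = [
    "/etc/passwd",
    "/etc/ImageMagick-6/type.xml",
    "/usr/share/fonts/truetype/example.ttf",
]


def denied_path_patterns(policy_xml):
    """Return the patterns of path-domain rules that grant no rights."""
    root = ET.fromstring(policy_xml)
    patterns = []
    for rule in root.iter("policy"):
        if rule.get("domain", "").strip().lower() != "path":
            continue
        rights = {r.strip().lower() for r in rule.get("rights", "").split("|")}
        if rights == {"none"}:
            patterns.append(rule.get("pattern", ""))
    return patterns


def audit(policy_xml, paths):
    """Map each path to the deny patterns that match it (empty list = not denied)."""
    patterns = denied_path_patterns(policy_xml)
    return {
        path: [pat for pat in patterns if fnmatch.fnmatchcase(path, pat)]
        for path in paths
    }


if __name__ == "__main__":
    for path, hits in audit(SAMPLE_POLICY, PROBES).items():
        status = "DENIED by " + ", ".join(hits) if hits else "allowed"
        print(f"{path}: {status}")
```

Running the same audit against the installed `/etc/ImageMagick-6/policy.xml` before and after a security update shows whether a new path rule also covers files the library reads for its own configuration.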