[Bug 1646485] Re: security update regression in 'convert' tool when creating an image containing a text label

Marc Deslauriers marc.deslauriers at canonical.com
Wed Feb 22 15:16:29 UTC 2017 

This is caused by a bad patch backport to trusty and precise. I'll be
releasing a fix for this issue today or tomorrow.

** Also affects: imagemagick (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: imagemagick (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: imagemagick (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: imagemagick (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: imagemagick (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: imagemagick (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: imagemagick (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: imagemagick (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: imagemagick (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1646485

Title:
  security update regression in 'convert' tool when creating an image
  containing a text label

Status in imagemagick package in Ubuntu:
  Invalid
Status in imagemagick source package in Precise:
  Confirmed
Status in imagemagick source package in Trusty:
  Confirmed

Bug description:
  Running the following command doesn't work anymore:

     convert -background transparent -fill black -pointsize 32
  label:test out.png

  when libmagickcore4-8:6.6.9.7-5ubuntu3.6 is installed.

  It fails with the following error:

  convert: missing an image filename `out.png' @
  error/convert.c/ConvertImageCommand/3011.

  and exits with status 1.

  It works fine when I downgrade libmagickcore4 to 8:6.6.9.7-5ubuntu3.5.
  The image is created, and the exit status is 0.

  It seems like the security patches in 8:6.6.9.7-5ubuntu3.6 broke this
  behavior.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libmagickcore4 8:6.6.9.7-5ubuntu3.6
  ProcVersionSignature: Ubuntu 3.13.0-39.66~precise1-generic 3.13.11.8
  Uname: Linux 3.13.0-39-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.13
  Architecture: amd64
  Date: Thu Dec  1 05:02:54 2016
  InstallationMedia: Ubuntu 12.04.5 LTS "Precise Pangolin" - Release amd64 (20140807.1)
  MarkForUpload: True
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: imagemagick
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1646485/+subscriptions

More information about the foundations-bugs mailing list