[Bug 1646485] Re: security update regression in 'convert' tool when creating an image containing a text label

Launchpad Bug Tracker 1646485 at bugs.launchpad.net
Wed Feb 22 20:03:09 UTC 2017


This bug was fixed in the package imagemagick - 8:6.6.9.7-5ubuntu3.7

---------------
imagemagick (8:6.6.9.7-5ubuntu3.7) precise-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Wed, 22 Feb 2017 10:08:13 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1646485

Title:
  security update regression in 'convert' tool when creating an image
  containing a text label

Status in imagemagick package in Ubuntu:
  Invalid
Status in imagemagick source package in Precise:
  Fix Released
Status in imagemagick source package in Trusty:
  Fix Released

Bug description:
  Running the following command doesn't work anymore:

     convert -background transparent -fill black -pointsize 32 label:test out.png

  when libmagickcore4-8:6.6.9.7-5ubuntu3.6 is installed.

  It fails with the following error:

  convert: missing an image filename `out.png' @ error/convert.c/ConvertImageCommand/3011.

  and exits with status 1.

  It works fine when I downgrade libmagickcore4 to 8:6.6.9.7-5ubuntu3.5.
  The image is created, and the exit status is 0.

  It seems like the security patches in 8:6.6.9.7-5ubuntu3.6 broke this
  behavior.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libmagickcore4 8:6.6.9.7-5ubuntu3.6
  ProcVersionSignature: Ubuntu 3.13.0-39.66~precise1-generic 3.13.11.8
  Uname: Linux 3.13.0-39-generic x86_64
  ApportVersion: 2.0.1-0ubuntu17.13
  Architecture: amd64
  Date: Thu Dec  1 05:02:54 2016
  InstallationMedia: Ubuntu 12.04.5 LTS "Precise Pangolin" - Release amd64 (20140807.1)
  MarkForUpload: True
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: imagemagick
  UpgradeStatus: No upgrade log present (probably fresh install)
