Security improvements to TEXT coder broke it
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| imagemagick (Ubuntu) |
High
|
Ubuntu Security Team | ||
| Precise |
High
|
Marc Deslauriers | ||
| Trusty |
High
|
Marc Deslauriers | ||
| Xenial |
High
|
Marc Deslauriers | ||
| Yakkety |
High
|
Marc Deslauriers |
Bug Description
In ubuntu 16.04 (xenial):
$ convert test.txt test.pdf
convert: improper image header `test.txt' @ error/txt.
convert: no images defined `test.pdf' @ error/convert.
$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
$ apt-cache policy imagemagick
imagemagick:
Installed: 8:6.8.9.
Candidate: 8:6.8.9.
Version table:
*** 8:6.8.9.
500 http://
500 http://
100 /var/lib/
8:
500 http://
dsitze (dsitze) wrote : | #2 |
See http://
Initial symptom is consistent w/ policy change. Comment out the line for text coder in /etc/ImageMagic-6.
The command now requires (per security update) text to be explicit:
convert text:test.txt test.pdf
However, now you'll get:
convert: ../../coders/
Aborted (core dumped)
As indicated in the linked discussion, this has been fixed in later versions.
Mathew Hodson (mathew-hodson) wrote : | #3 |
tags: | added: patch-accepted-upstream regression-update xenial |
Changed in imagemagick (Ubuntu): | |
importance: | Undecided → High |
summary: |
- Text files cannot be converted to pdf + Security improvements to TEXT coder broke it |
tags: | removed: patch-accepted-upstream |
Changed in imagemagick (Ubuntu): | |
assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
Changed in imagemagick (Ubuntu Precise): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in imagemagick (Ubuntu Trusty): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in imagemagick (Ubuntu Xenial): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in imagemagick (Ubuntu Yakkety): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in imagemagick (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in imagemagick (Ubuntu Trusty): | |
status: | New → Confirmed |
Changed in imagemagick (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in imagemagick (Ubuntu Yakkety): | |
status: | New → Confirmed |
Changed in imagemagick (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in imagemagick (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in imagemagick (Ubuntu Xenial): | |
importance: | Undecided → High |
Changed in imagemagick (Ubuntu Yakkety): | |
importance: | Undecided → High |
Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package imagemagick - 8:6.8.9.
---------------
imagemagick (8:6.8.
* SECURITY REGRESSION: text coder issue (LP: #1589580)
- debian/
fix logic in coders/txt.c.
-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 11:10:55 -0500
Changed in imagemagick (Ubuntu Yakkety): | |
status: | Confirmed → Fix Released |
Launchpad Janitor (janitor) wrote : | #5 |
This bug was fixed in the package imagemagick - 8:6.8.9.
---------------
imagemagick (8:6.8.
* SECURITY REGRESSION: text coder issue (LP: #1589580)
- debian/
fix logic in coders/txt.c.
-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 11:41:06 -0500
Changed in imagemagick (Ubuntu Xenial): | |
status: | Confirmed → Fix Released |
Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package imagemagick - 8:6.7.7.
---------------
imagemagick (8:6.7.
* SECURITY REGRESSION: test label regression (LP: #1646485)
- debian/
updated to fix bad backport.
- debian/
updated to apply cleanly.
* SECURITY REGRESSION: text coder issue (LP: #1589580)
- debian/
fix logic in coders/txt.c.
-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:04:25 -0500
Changed in imagemagick (Ubuntu Trusty): | |
status: | Confirmed → Fix Released |
Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package imagemagick - 8:6.6.9.
---------------
imagemagick (8:6.6.
* SECURITY REGRESSION: test label regression (LP: #1646485)
- debian/
updated to fix bad backport.
- debian/
updated to apply cleanly.
* SECURITY REGRESSION: text coder issue (LP: #1589580)
- debian/
fix logic in coders/txt.c.
-- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:08:13 -0500
Changed in imagemagick (Ubuntu Precise): | |
status: | Confirmed → Fix Released |
Changed in imagemagick (Ubuntu): | |
status: | Confirmed → Fix Committed |
Changed in imagemagick (Ubuntu): | |
status: | Fix Committed → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.