security update regression in 'convert' tool when creating an image containing a text label

Status changed to 'Confirmed' because the bug affects multiple users.

Confirming I'm seeing this same bug.

$> convert -background transparent -fill black -pointsize 32 label:test out.png

convert.im6: no images defined `out.png' @ error/convert.c/ConvertImageCommand/3044.

$> convert -version

Version: ImageMagick 6.7.7-10 2016-11-29 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2012 ImageMagick Studio LLC
Features: OpenMP

Ubuntu 14.04

$> lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty

This is caused by a bad patch backport to trusty and precise. I'll be releasing a fix for this issue today or tomorrow.

Marc, that would be amazing; I'm on deadline by the end of the month to wrap up a migration of some legacy code and Imagemagick is one of those requirements (the others being older versions of PHP/Apache), thus why I'm on Ubuntu 14.04.

The current workaround I have is to set up a small Ubuntu 16.04 box that has a version of ImageMagick that works and utilize NFS to get it back to the main box; it's hacky, but it's the only thing I could come up without having to try to get everything else working on 16.04.

If you could get this patch released today I may not have to go that route, either way it's much appreciated, thanks!

This bug was fixed in the package imagemagick - 8:6.7.7.10-6ubuntu3.4

---------------
imagemagick (8:6.7.7.10-6ubuntu3.4) trusty-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:04:25 -0500

This bug was fixed in the package imagemagick - 8:6.6.9.7-5ubuntu3.7

---------------
imagemagick (8:6.6.9.7-5ubuntu3.7) precise-security; urgency=medium

  * SECURITY REGRESSION: test label regression (LP: #1646485)
    - debian/patches/0161-Do-not-ignore-SetImageBias-bias-value.patch:
      updated to fix bad backport.
    - debian/patches/0162-Suspend-exception-processing-if-there-are-too-many-e.patch:
      updated to apply cleanly.
  * SECURITY REGRESSION: text coder issue (LP: #1589580)
    - debian/patches/fix_text_coder.patch: add extra check to coders/mvg.c,
      fix logic in coders/txt.c.

 -- Marc Deslauriers <email address hidden> Wed, 22 Feb 2017 10:08:13 -0500

That fixed the issue, thanks Marc!!