Comment 15 for bug 2004580

Okay, this needs immediate reverting, Paulo - CVE-2022-44267_44268-2.patch (or -3.patch for jammy) removes any access to /etc/, so ImageMagick can't even load it's own /etc/ImageMagick/type-ghostscript.xml for GS font usage anymore!

See bug https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/2012684

This "mitigation" should not have been added. My PoC PNG file exfiltrated /etc/hosts, but it could just as well have been /var/log/syslog, or /usr/local/foobar/etc/secretfile, or /proc/1/environ. There is no point in trying to address this via a policy file. The fix must be in code, and it is, so this policy file change can be removed again.

I am attaching corrected and cleaned up patches for focal and jammy, split into two parts the way I initially proposed.

(Your focal patch files are named ..._1.patch and ...-2.patch, FYI).