Control: tags -1 + patch Hi,
> Is this because of a ghostscript vulnerability? The PDF policy restriction is also in effect on Debian stable even though that release ships with Ghostscript 9.27, which online sources suggest is safe. [1] Converting images to PDF is a very common functionality. Please provide a backport with the attached patch, or similar. Thanks! Kind regards Felix Lechner [1] https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion
--- /etc/ImageMagick-6/policy.xml 2020-10-07 13:05:46.246938227 -0700 +++ /etc/ImageMagick-6/policy.xml~ 2020-06-25 11:00:40.000000000 -0700 @@ -91,6 +91,6 @@ <policy domain="coder" rights="none" pattern="PS2" /> <policy domain="coder" rights="none" pattern="PS3" /> <policy domain="coder" rights="none" pattern="EPS" /> - <!-- <policy domain="coder" rights="none" pattern="PDF" /> --> + <policy domain="coder" rights="none" pattern="PDF" /> <policy domain="coder" rights="none" pattern="XPS" /> </policymap>
