On Wed, May 19, 2021 at 08:49:01PM +0200, Paul Gevers wrote:
> Hi,
>
> First off, thanks Adrian for raising the concern. In general, at this
> stage we don't like packages breaking other packages.

This should have been fixed in unstable for a long time, I pinged the
maintainer multiple times even. imagemagick badly needs co-maintainers,
the current state is not sustainable at all. imagemagick only saw one
maintainer upload in 2020...

> If I understand correctly, not having this patch in bullseye can be
> considered a security regression.

Yes, we should not revert this and rather fix fallout in the handful
of affected packages. This patch e.g. prevented the exploitability of
https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
and will prevent other issues in the future.

Cheers,
Moritz