Hi Bastien,

Did you look at the following bug report?

- u

On Wed, Mar 15, 2023 at 8:09 PM Maxime Besson <[email protected]> wrote:
>
> Package: imagemagick
> Version: 8:6.9.10.23+dfsg-2.1+deb10u2
> Severity: normal
>
> Dear Maintainer,
>
> After updating to 8:6.9.10.23+dfsg-2.1+deb10u2, libgd-securityimage-perl
> does not work anymore because of the CVE-2022-44267 and CVE-2022-44268
> mitigation:
>
>     <policy domain="path" rights="none" pattern="/etc/*" />
>
> Removing this line from /etc/ImageMagick-6/policy.xml restores correct
> behavior.
>
> Here is a test script that tries to generate a Captcha
>
>     use GD::SecurityImage use_magick => 1;
>
>     my $image = GD::SecurityImage->new(
>         width    => 200,
>         height   => 100,
>         lines    => 4,
>         gd_font  => 'Giant',
>         scramble => 1,
>         rndmax   => 10,
>     );
>     $image->random;
>     $image->create( 'normal', 'default', "#403030", "#FF644B");
>     print $image->out( force => 'png' );
>
> The update breaks usage of fonts, and causes warnings to be printed, and
> the image to be missing any text (which is bad for a Captcha),
> likely due to the fact that font configuration files for ImageMagick
> are in /etc
>
> -- Package-specific info:
> ImageMagick program version
> ---------------------------
>
> -- System Information:
> Debian Release: 10.13
>   APT prefers oldstable-updates
>   APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500,
> 'oldstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/6 CPU cores; PREEMPT)
> Kernel taint flags: TAINT_WARN
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
>
> -- Configuration Files:
> /etc/ImageMagick-6/policy.xml changed [not included]
>
> -- no debconf information
>
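
A way to check which files the quoted path rule covers, as an added example that is not part of the original thread or of ImageMagick itself: it lists the domain="path" rules in a policy file that match a given path and grant no read right. Assumptions: Python's fnmatch stands in for ImageMagick's own glob matching, rule precedence is not modelled, and the sample policy and candidate paths are constructed (only the /etc/* rule is taken from the report).

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample policy; only the path rule is quoted from the bug report.
SAMPLE_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="path" rights="none" pattern="/etc/*" />
</policymap>"""


def path_rules(policy_xml):
    """Return (pattern, rights) for every domain="path" rule, in file order."""
    rules = []
    for el in ET.fromstring(policy_xml).iter("policy"):
        if el.get("domain", "").strip().lower() != "path":
            continue
        # The rights attribute may combine values with '|', e.g. "read | write".
        rights = {r.strip().lower() for r in el.get("rights", "").split("|")}
        rules.append((el.get("pattern", ""), rights))
    return rules


def read_denying_rules(policy_xml, path):
    """Patterns of path rules that match `path` and grant no read right.

    Assumption: fnmatch approximates ImageMagick's matcher ('*' also
    matches '/'). A later rule that re-grants read is not taken into account.
    """
    return [
        pattern
        for pattern, rights in path_rules(policy_xml)
        if fnmatch.fnmatchcase(path, pattern) and not rights & {"read", "all"}
    ]


def audit(policy_xml, paths):
    """Map each candidate path to the list of rules that deny reading it."""
    return {p: read_denying_rules(policy_xml, p) for p in paths}


if __name__ == "__main__":
    # Constructed candidates: files a font lookup might touch (assumed paths).
    candidates = [
        "/etc/ImageMagick-6/type.xml",
        "/etc/fonts/fonts.conf",
        "/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf",
    ]
    for path, rules in audit(SAMPLE_POLICY, candidates).items():
        print(f"{path}: {'denied by ' + ', '.join(rules) if rules else 'no deny rule'}")
```

To audit a real system, pass the contents of /etc/ImageMagick-6/policy.xml instead of SAMPLE_POLICY.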
