Yeah, but it's not immediately obvious if you're not familiar with imagemagick internals (I certainly didn't know what policy.xml was), and it's part of 70 lines of changes.
Given this is flat out disabling a big chunk of functionality in something frequently used as part of other programs / scripts, in an LTS release, a mention in NEWS or README or something might be an idea. Or at least a more verbose changelog entry. Is this the recommended long-term solution to whatever the underlying vulnerability is, or is it a stop-gap until something else - I assume ghostscript - is properly patched? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1796563 Title: 8:6.8.9.9-7ubuntu5.13 breaks convert with no explanation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1796563/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
