To solve T141739 require to upgrade/downgrade/patch ImageMagick to some version that handles those files correctly.
Description
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | matmarex | T141739 Issues with displaying thumbnails for CMYK JPG images due to buggy version of ImageMagick (black horizontal stripes, black color missing) | |||
Resolved | None | T150432 Deploy some fixed version of ImageMagick from apt.wikimedia.org |
Event Timeline
Comment Actions
So for the initial version, 6.8.3 has been identified by @matmarex as the last 6.x before the bug introduction.
This version couldn't be the optimal choice from a security point of view:
- https://www.debian.org/security/2016/dsa-3675 for versions < 6.9.5.10
- Buffer overflow in magick/drag.c/DrawStrokePolygon() for versions < 6.9.4.1 (changelog)
- Some issues with a CVE reference for < 6.9.3.9 (including the notorious one, with mitigation possible through policy configuration)
We should evaluate if one of these issues could be triggered by our image processing, and if so, focus on ImageMagick 7.
Finally, @matmarex reported the issue upstream. If they backport the fix to 6.9, the last 6.9 version will be clearly the optimal choice, as it will keep some stability and will include security fixes.
Comment Actions
So this is the version we want. It will be satisfactory AND for the security issues fixed, AND for the bug fix.