Package: pdf-redact-tools
Version: 0.1.2-4
Severity: serious
Hi,
At least on Bullseye and sid, any pdf-redact-tools operation fails
with an error like:
    convert-im6.q16: attempt to perform an operation not allowed by the security
    policy `PDF' @ error/constitute.c/IsCoderAuthorized/421.
Touss, a fellow Tails contributor, reports this is caused by PDF support having
been disabled in imagemagick:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964090
This change is effective on Buster and newer and a security team
member indicated they'd rather not revert it.
A workaround, to be able to use pdf-redact-tools, is to edit
/etc/ImageMagick-6/policy.xml and comment out that line:
… which re-introduces the attack surface that the security team wants
to disable.
Additionally, since May 2020 this project is not maintained upstream anymore:
https://github.com/firstlookmedia/pdf-redact-tools/commit/e407942fa19027718b706033d460a1dec2097094
So I think this package should not be included in Bookworm,
hence the RC severity.
Cheers!
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (990, 'unstable'), (2, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pdf-redact-tools depends on:
ii file 1:5.41-4
ii imagemagick 8:6.9.11.60+dfsg-1.3+b4
ii imagemagick-6.q16 [imagemagick] 8:6.9.11.60+dfsg-1.3+b4
ii libimage-exiftool-perl 12.49+dfsg-1
ii python3 3.10.6-1
pdf-redact-tools recommends no packages.
pdf-redact-tools suggests no packages.
-- no debconf information
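
An added example, not part of the original report and not pdf-redact-tools or Debian code: a Python check of whether an ImageMagick policy file still denies the PDF coder, which is the setting the workaround above disables. The `<policy domain="coder" ...>` entries follow general ImageMagick policy syntax rather than text quoted from this report, the three sample files are constructed, and `fnmatch` is assumed to approximate ImageMagick's own glob matching.

```python
import fnmatch
import sys
import xml.etree.ElementTree as ET

# Constructed samples, not copied from the report or from a Debian package.
STOCK = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PDF" />
</policymap>"""
WORKAROUND = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <!-- <policy domain="coder" rights="none" pattern="PDF" /> -->
</policymap>"""
REENABLED = """<policymap>
  <policy domain="coder" rights="none" pattern="P*" />
  <policy domain="coder" rights="read|write" pattern="PDF" />
</policymap>"""


def matching_rights(root, coder):
    """Rights of every active (uncommented) coder entry whose pattern matches."""
    found = []
    for entry in root.iter("policy"):  # XML comments are not elements
        if entry.get("domain", "").lower() != "coder":
            continue
        pattern = entry.get("pattern", "")
        # Assumption: fnmatch approximates ImageMagick's glob matching.
        if fnmatch.fnmatchcase(coder.upper(), pattern.upper()):
            found.append(entry.get("rights", "").strip().lower())
    return found


def coder_denied(root, coder="PDF"):
    """Conservative verdict: denied only if at least one entry matches and
    every matching entry grants no rights, whatever order they are read in."""
    rights = matching_rights(root, coder)
    return bool(rights) and all(r == "none" for r in rights)


def denied_in_text(policy_xml, coder="PDF"):
    return coder_denied(ET.fromstring(policy_xml), coder)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ImageMagick-6/policy.xml"
    ok = coder_denied(ET.parse(path).getroot())
    print(f"{path}: PDF coder {'denied' if ok else 'NOT denied'}")
    sys.exit(0 if ok else 1)
```

The non-zero exit status when the coder is not denied lets the check run from configuration management or a periodic audit job.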