GNU bug report logs - #25993
texlive CVE-2016-10243

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 6 Mar 2017 03:32:02 UTC

Severity: normal

Tags: fixed

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.

Full log

Message #11 received at 25993 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 25993 <at> debbugs.gnu.org
Subject: Re: bug#25993: texlive CVE-2016-10243
Date: Mon, 6 Mar 2017 13:30:00 -0500

[Message part 1 (text/plain, inline)]

On Mon, Mar 06, 2017 at 10:02:06AM +0100, Ricardo Wurmus wrote:
> Is this sufficient?  I see here that two files need this change:
> 
>     https://www.tug.org/svn/texlive?view=revision&revision=42605
> 
> Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?

I inspected the built output of texlive, texlive-bin, and texlive-texmf,
and none of them include the texmf.cnf file for kpathsea.

That file does exist in the source.

AFAICT, the only .cnf file in our built package that whitelists mpost is
the one I patched.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 8 years and 169 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #25993 texlive CVE-2016-10243

GNU bug report logs - #25993
texlive CVE-2016-10243