GNU bug report logs - #25993
texlive CVE-2016-10243

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 6 Mar 2017 03:32:02 UTC

Severity: normal

Tags: fixed

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.

From: Ricardo Wurmus <rekado <at> elephly.net>
To: Leo Famulari <leo <at> famulari.name>
Cc: 25993 <at> debbugs.gnu.org
Subject: bug#25993: texlive CVE-2016-10243
Date: Mon, 06 Mar 2017 22:32:04 +0100

Leo Famulari <leo <at> famulari.name> writes:

> On Mon, Mar 06, 2017 at 10:02:06AM +0100, Ricardo Wurmus wrote:
>> Is this sufficient?  I see here that two files need this change:
>> 
>>     https://www.tug.org/svn/texlive?view=revision&revision=42605
>> 
>> Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?
>
> I inspected the built output of texlive, texlive-bin, and texlive-texmf,
> and none of them include the texmf.cnf file for kpathsea.
>
> That file does exist in the source.
>
> AFAICT, the only .cnf file in our built package that whitelists mpost is
> the one I patched.

Thank you for confirming this.  The patch looks good to me!

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net
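
The check described in the thread (finding which `.cnf` files in a built package whitelist mpost) can be scripted. The following is an added example, not part of the original messages or of the Guix patch. It assumes the whitelist is the `shell_escape_commands` variable used in TeX Live's `texmf.cnf`; the function names and the sample files are constructed for illustration.

```python
import os

# Constructed sample inputs in texmf.cnf syntax ('%' comments, '\' continuations).
UNPATCHED = r"""% constructed sample, not a real TeX Live file
shell_escape = p
shell_escape_commands = \
bibtex,kpsewhich,\
mpost,\
repstopdf,\

% end of list
"""
# Same list without mpost; r-mpost is included to show that matching is exact.
PATCHED = UNPATCHED.replace("mpost,\\", "r-mpost,\\")

def shell_escape_commands(cnf_text):
    """Return the first shell_escape_commands list found in cnf_text."""
    logical, pending = [], ""
    for raw in cnf_text.splitlines():
        line = raw.split("%", 1)[0].strip()   # drop comments
        if line.endswith("\\"):               # continued on the next line
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ""
    logical.append(pending)
    for line in logical:
        name, sep, value = line.partition("=")
        if sep and name.strip() == "shell_escape_commands":
            return [c.strip() for c in value.split(",") if c.strip()]
    return []

def cnf_files_allowing(root, command="mpost"):
    """Walk root and return the .cnf files whose whitelist contains command."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.endswith(".cnf"):
                path = os.path.join(dirpath, fname)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if command in shell_escape_commands(fh.read()):
                        hits.append(path)
    return sorted(hits)

def write_sample_tree(root):
    """Write the two constructed samples under root for a dry run."""
    for sub, text in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "texmf.cnf"), "w") as fh:
            fh.write(text)
```

Pointing `cnf_files_allowing` at each built output directory lists the files that would still need patching; an empty result means no `.cnf` file in that tree whitelists the command.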





This bug report was last modified 8 years and 169 days ago.
