GNU bug report logs - #25993
texlive CVE-2016-10243


Package: guix-patches

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 6 Mar 2017 03:32:02 UTC

Severity: normal

Tags: fixed

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.


From: Ricardo Wurmus <rekado <at> elephly.net>
To: Leo Famulari <leo <at> famulari.name>
Cc: 25993 <at> debbugs.gnu.org
Subject: bug#25993: texlive CVE-2016-10243
Date: Mon, 06 Mar 2017 10:02:06 +0100

Leo Famulari <leo <at> famulari.name> writes:

> This fixes CVE-2016-10243:

Thanks for preparing the patch to fix this.

> diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
> new file mode 100644
> index 000000000..3a9ae993f
> --- /dev/null
> +++ b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
> @@ -0,0 +1,18 @@
> +Fix CVE-2016-10243:
> +
> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
> +
> +Patch adapted from upstream commit:
> +
> +https://www.tug.org/svn/texlive?view=revision&revision=42605
> +
> +--- trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:10:33	42604
> ++++ trunk/Master/texmf-dist/web2c/texmf.cnf	2016/11/29 23:27:53	42605
> +@@ -568,7 +568,6 @@ extractbb,\
> + gregorio,\
> + kpsewhich,\
> + makeindex,\
> +-mpost,\
> + repstopdf,\
> +
> + % we'd like to allow:
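
Review bot: The header of the embedded patch (the lines "Patch adapted from upstream commit:" and the revision URL) does not say what was adapted or why dropping `mpost,\` from this list fixes the CVE. Add a sentence to the header explaining that, and state that only trunk/Master/texmf-dist/web2c/texmf.cnf is changed here, so a reader can tell whether any other copy of texmf.cnf touched by the upstream revision was left out on purpose.
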
> diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm

Is this sufficient?  I see here that two files need this change:

    https://www.tug.org/svn/texlive?view=revision&revision=42605

Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net
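
One way to answer the question above mechanically, as an added example that is not part of this thread, of Guix or of TeX Live: parse every texmf.cnf copy in a source tree and report the ones whose restricted shell-escape list still names `mpost`. The variable name `shell_escape_commands` is TeX Live's and is not shown on this page; the two file bodies are constructed samples built from the list entries visible in the hunk, and the function names are hypothetical.

```python
import re

def restricted_commands(cnf_text):
    """Return the programs listed in shell_escape_commands of a texmf.cnf."""
    logical, buf = [], ""
    for raw in cnf_text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]        # continuation line: drop the backslash, keep reading
            continue
        logical.append(buf + line)  # a blank line ends the "repstopdf,\" continuation
        buf = ""
    if buf:
        logical.append(buf)
    for line in logical:
        if line.lstrip().startswith("%"):
            continue                # texmf.cnf comment
        m = re.match(r"\s*shell_escape_commands\s*=\s*(.*)$", line)
        if m:
            return [c.strip() for c in m.group(1).split(",") if c.strip()]
    return []

def files_still_allowing(cnf_files, program="mpost"):
    """Paths whose restricted shell-escape list still contains `program`."""
    return sorted(path for path, text in cnf_files.items()
                  if program in restricted_commands(text))

# Constructed sample: same entries as the hunk, before the change.
UNPATCHED = r"""shell_escape_commands = \
extractbb,\
gregorio,\
kpsewhich,\
makeindex,\
mpost,\
repstopdf,\

% we'd like to allow:
"""
# Constructed sample: the same text with the "mpost,\" line removed.
PATCHED = UNPATCHED.replace("mpost,\\\n", "")

# Constructed tree: one copy patched, the other copy left as it was.
TREE = {
    "trunk/Master/texmf-dist/web2c/texmf.cnf": PATCHED,
    "trunk/Build/source/texk/kpathsea/texmf.cnf": UNPATCHED,
}

if __name__ == "__main__":
    for path in files_still_allowing(TREE):
        print("mpost still in shell_escape_commands:", path)
```

Running it over the unpacked source and the built output of the package shows whether a single-file patch leaves another copy of the list unchanged.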





This bug report was last modified 8 years and 169 days ago.
