bug#25993: texlive CVE-2016-10243

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#25993: texlive CVE-2016-10243

From:	Leo Famulari
Subject:	bug#25993: texlive CVE-2016-10243
Date:	Mon, 6 Mar 2017 13:30:00 -0500
User-agent:	Mutt/1.8.0 (2017-02-23)

On Mon, Mar 06, 2017 at 10:02:06AM +0100, Ricardo Wurmus wrote:
> Is this sufficient?  I see here that two files need this change:
> 
>     https://www.tug.org/svn/texlive?view=revision&revision=42605
> 
> Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?

I inspected the built output of texlive, texlive-bin, and texlive-texmf,
and none of them include the texmf.cnf file for kpathsea.

That file does exist in the source.

AFAICT, the only .cnf file in our built package that whitelists mpost is
the one I patched.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#25993: texlive CVE-2016-10243, Leo Famulari, 2017/03/05
- bug#25993: texlive CVE-2016-10243, Ricardo Wurmus, 2017/03/06
  - bug#25993: texlive CVE-2016-10243, Leo Famulari <=
    - bug#25993: texlive CVE-2016-10243, Ricardo Wurmus, 2017/03/06
    - bug#25993: texlive CVE-2016-10243, Leo Famulari, 2017/03/06
    - bug#25993: texlive CVE-2016-10243, Ricardo Wurmus, 2017/03/09

Prev by Date: bug#25834: [PATCH 5/7] gnu: python-matplotlib: Update to 2.0.0.
Next by Date: bug#25991: [PATCH] gnu: surf: Add 'dmenu' and 'xprop' to 'inputs'.
Previous by thread: bug#25993: texlive CVE-2016-10243
Next by thread: bug#25993: texlive CVE-2016-10243
Index(es):
- Date
- Thread