TeXlive 2023 vulnerability

To: pkgsrc-users%netbsd.org@localhost
Subject: TeXlive 2023 vulnerability
From: tlaronde%polynum.com@localhost
Date: Tue, 23 May 2023 10:10:48 +0200

FYI (if it has not already spread):

https://www.cve.org/CVERecord?id=CVE-2023-32700

this affects luatex. See also:

https://tug.org/~mseven/luatex.html

(FWIW, once the vulnerability was discovered, these were informed:

May 13, 2023
    I privately emailed the vulnerability details to the security
contacts for Ubuntu, Debian, Arch, Gentoo, Fedora, RHEL, OpenSUSE/SLES,
FreeBSD, OpenBSD, texlive.net, and Overleaf. 
    texlive.net is patched. 

And NetBSD and pkgsrc were not amongst them.)
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C

Follow-Ups:
- Re: TeXlive 2023 vulnerability
  - From: Mark Davies
- Re: TeXlive 2023 vulnerability
  - From: Greg Troxel

Prev by Date: Re: boost-libs on macOS Ventura (13.x)
Next by Date: Re: TeXlive 2023 vulnerability
Previous by Thread: gdk-pixbuf2 needs librsvg run time dependency
Next by Thread: Re: TeXlive 2023 vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index