pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: TeXlive 2023 vulnerability
Le Tue, May 23, 2023 at 07:31:19AM -0400, Greg Troxel a écrit :
> tlaronde%polynum.com@localhost writes:
>
> > FYI (if it has not already spread):
> >
> > https://www.cve.org/CVERecord?id=CVE-2023-32700
> >
> > this affects luatex. See also:
> >
> > https://tug.org/~mseven/luatex.html
> >
> > (FWIW, once the vulnerability was discovered, these were informed:
> >
> > May 13, 2023
> > I privately emailed the vulnerability details to the security
> > contacts for Ubuntu, Debian, Arch, Gentoo, Fedora, RHEL, OpenSUSE/SLES,
> > FreeBSD, OpenBSD, texlive.net, and Overleaf.
> > texlive.net is patched.
> >
> > And NetBSD and pkgsrc were not amongst them.)
>
> I am having trouble following your comments given the lack of text
> quoting. I couldn't understand why you didn't also inform pkgsrc, and
> whether it was because it was not an issue, or some other reason.
>
> NetBSD, as far as I know, lacks TeX and a fortiori lacks luatex, so that
> seems fine.
The formatting of my message was ambiguous. The:
> > May 13, 2023
> > I privately emailed the vulnerability details to the security
> > contacts for Ubuntu, Debian, Arch, Gentoo, Fedora, RHEL, OpenSUSE/SLES,
> > FreeBSD, OpenBSD, texlive.net, and Overleaf.
> > texlive.net is patched.
is a quote from the link above. The 'I' in there is not me but
"Max Chernoff" (if I understand correctly from the link).
And neither FreeBSD nor OpenBSD use TeX as formatting (doc or manpage)
handling, but provide indirectly TeX with an opt package system, the
same as NetBSD.
So it's rather disturbing because I don't consider NetBSD "obscure"
enough to not be granted the same treatment as the other two BSDs---or
the myriad of Linuces, BTW.
--
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Home |
Main Index |
Thread Index |
Old Index