[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#25993: texlive CVE-2016-10243
|
From: |
Ricardo Wurmus |
|
Subject: |
bug#25993: texlive CVE-2016-10243 |
|
Date: |
Mon, 06 Mar 2017 10:02:06 +0100 |
|
User-agent: |
mu4e 0.9.18; emacs 25.1.1 |
Leo Famulari <address@hidden> writes:
> This fixes CVE-2016-10243:
Thanks for preparing the patch to fix this.
> diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
> b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
> new file mode 100644
> index 000000000..3a9ae993f
> --- /dev/null
> +++ b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch
> @@ -0,0 +1,18 @@
> +Fix CVE-2016-10243:
> +
> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243
> +
> +Patch adapted from upstream commit:
> +
> +https://www.tug.org/svn/texlive?view=revision&revision=42605
> +
> +--- trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:10:33 42604
> ++++ trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:27:53 42605
> +@@ -568,7 +568,6 @@ extractbb,\
> + gregorio,\
> + kpsewhich,\
> + makeindex,\
> +-mpost,\
> + repstopdf,\
> +
> + % we'd like to allow:
> diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
Is this sufficient? I see here that two files need this change:
https://www.tug.org/svn/texlive?view=revision&revision=42605
Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?
--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net