bug#25993: texlive CVE-2016-10243

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#25993: texlive CVE-2016-10243

From:	Ricardo Wurmus
Subject:	bug#25993: texlive CVE-2016-10243
Date:	Mon, 06 Mar 2017 22:32:04 +0100
User-agent:	mu4e 0.9.18; emacs 25.1.1

Leo Famulari <address@hidden> writes:

> On Mon, Mar 06, 2017 at 10:02:06AM +0100, Ricardo Wurmus wrote:
>> Is this sufficient?  I see here that two files need this change:
>> 
>>     https://www.tug.org/svn/texlive?view=revision&revision=42605
>> 
>> Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?
>
> I inspected the built output of texlive, texlive-bin, and texlive-texmf,
> and none of them include the texmf.cnf file for kpathsea.
>
> That file does exist in the source.
>
> AFAICT, the only .cnf file in our built package that whitelists mpost is
> the one I patched.

Thank you for confirming this.  The patch looks good to me!

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

[Prev in Thread]

Current Thread

[Next in Thread]

bug#25993: texlive CVE-2016-10243, Leo Famulari, 2017/03/05
- bug#25993: texlive CVE-2016-10243, Ricardo Wurmus, 2017/03/06
  - bug#25993: texlive CVE-2016-10243, Leo Famulari, 2017/03/06
    - bug#25993: texlive CVE-2016-10243, Ricardo Wurmus <=
    - bug#25993: texlive CVE-2016-10243, Leo Famulari, 2017/03/06
    - bug#25993: texlive CVE-2016-10243, Ricardo Wurmus, 2017/03/09

Prev by Date: bug#26003: neomutt: update to 20170306 + kyotocabinet
Next by Date: bug#25834: [PATCH 5/7] gnu: python-matplotlib: Update to 2.0.0.
Previous by thread: bug#25993: texlive CVE-2016-10243
Next by thread: bug#25993: texlive CVE-2016-10243
Index(es):
- Date
- Thread