Re: TeXlive 2023 vulnerability

To: tlaronde%polynum.com@localhost
Subject: Re: TeXlive 2023 vulnerability
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Tue, 23 May 2023 07:31:19 -0400

tlaronde%polynum.com@localhost writes:

> FYI (if it has not already spread):
>
> https://www.cve.org/CVERecord?id=CVE-2023-32700
>
> this affects luatex. See also:
>
> https://tug.org/~mseven/luatex.html
>
> (FWIW, once the vulnerability was discovered, these were informed:
>
> May 13, 2023
>     I privately emailed the vulnerability details to the security
> contacts for Ubuntu, Debian, Arch, Gentoo, Fedora, RHEL, OpenSUSE/SLES,
> FreeBSD, OpenBSD, texlive.net, and Overleaf. 
>     texlive.net is patched. 
>
> And NetBSD and pkgsrc were not amongst them.)

I am having trouble following your comments given the lack of text
quoting.  I couldn't understand why you didn't also inform pkgsrc, and
whether it was because it was not an issue, or some other reason.

NetBSD, as far as I know, lacks TeX and a fortiori lacks luatex, so that
seems fine.

Follow-Ups:
- Re: TeXlive 2023 vulnerability
  - From: tlaronde

References:
- TeXlive 2023 vulnerability
  - From: tlaronde

Prev by Date: TeXlive 2023 vulnerability
Next by Date: Re: TeXlive 2023 vulnerability
Previous by Thread: TeXlive 2023 vulnerability
Next by Thread: Re: TeXlive 2023 vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index