[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#25993: texlive CVE-2016-10243

From: Ricardo Wurmus
Subject: bug#25993: texlive CVE-2016-10243
Date: Mon, 06 Mar 2017 22:32:04 +0100
User-agent: mu4e 0.9.18; emacs 25.1.1

Leo Famulari <address@hidden> writes:

> On Mon, Mar 06, 2017 at 10:02:06AM +0100, Ricardo Wurmus wrote:
>> Is this sufficient?  I see here that two files need this change:
>> Should “trunk/Build/source/texk/kpathsea/texmf.cnf” also be patched?
> I inspected the built output of texlive, texlive-bin, and texlive-texmf,
> and none of them include the texmf.cnf file for kpathsea.
> That file does exist in the source.
> AFAICT, the only .cnf file in our built package that whitelists mpost is
> the one I patched.

Thank you for confirming this.  The patch looks good to me!


GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC

reply via email to

[Prev in Thread] Current Thread [Next in Thread]