UbuntuUpdates.org

Package "libtexlua53"

Name: libtexlua53

Description:

TeX Live: Lua 5.3, modified for use with LuaTeX

Latest version: 2019.20190605.51237-3ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: texlive-bin
Homepage: https://www.tug.org/texlive/

Links


Download "libtexlua53"


Other versions of "libtexlua53" in Focal

Repository Area Version
base main 2019.20190605.51237-3build2
security main 2019.20190605.51237-3ubuntu0.2

Changelog

Version: 2019.20190605.51237-3ubuntu0.2 2024-03-14 15:06:53 UTC

  texlive-bin (2019.20190605.51237-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: sprintf mishandling in axohelp
    - debian/patches/CVE-2019-18604.patch: fix overflow bugs in
      utils/axodraw2/*.
    - CVE-2019-18604
  * SECURITY UPDATE: arbitrary network requests via socket library
    - debian/patches/CVE-2023-32668.patch: disable socket library by
      default in texk/web2c/luatexdir/lua/loslibext.c,
      texk/web2c/luatexdir/lua/luainit.c,
      texk/web2c/luatexdir/lua/luastuff.c,
      texk/web2c/luatexdir/lua/luatex-api.h,
      texk/web2c/luatexdir/luasocket/src/lua_preload.c.
    - CVE-2023-32668
  * SECURITY UPDATE: heap overflow in ttfdump (LP: #2047912)
    - debian/patches/CVE-2024-25262.diff: add overflow check to
      texk/ttfdump/libttf/hdmx.c.
    - CVE-2024-25262

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2024 10:19:47 -0400

Source diff to previous version
2047912 There is a heap buffer overflow in texlive-bin
CVE-2019-18604 In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
CVE-2023-32668 LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to th
CVE-2024-25262 texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to

Version: 2019.20190605.51237-3ubuntu0.1 2023-05-30 12:07:17 UTC

  texlive-bin (2019.20190605.51237-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary Code Execution
    - debian/patches/CVE-2023-32700.patch: Fix improperly secured
      shell-escape in LuaTeX.
    - CVE-2023-32700

 -- Eduardo Barretto <email address hidden> Thu, 25 May 2023 14:44:46 +0200

CVE-2023-32700 LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because lu



About   -   Send Feedback to @ubuntu_updates