UbuntuUpdates.org

Package "texlive-bin"

Name: texlive-bin

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • TeX Live: path search library for TeX (development part)
  • TeX Live: path search library for TeX (runtime part)
  • TeX Live: ptex encoding library (development part)
  • TeX Live: pTeX encoding library
Latest version: 2019.20190605.51237-3ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "texlive-bin" in Focal

Repository Area Version
base main 2019.20190605.51237-3build2
base universe 2019.20190605.51237-3build2
security main 2019.20190605.51237-3ubuntu0.2
security universe 2019.20190605.51237-3ubuntu0.2
updates universe 2019.20190605.51237-3ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2019.20190605.51237-3ubuntu0.2 2024-03-14 15:06:53 UTC

  texlive-bin (2019.20190605.51237-3ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: sprintf mishandling in axohelp
    - debian/patches/CVE-2019-18604.patch: fix overflow bugs in
      utils/axodraw2/*.
    - CVE-2019-18604
  * SECURITY UPDATE: arbitrary network requests via socket library
    - debian/patches/CVE-2023-32668.patch: disable socket library by
      default in texk/web2c/luatexdir/lua/loslibext.c,
      texk/web2c/luatexdir/lua/luainit.c,
      texk/web2c/luatexdir/lua/luastuff.c,
      texk/web2c/luatexdir/lua/luatex-api.h,
      texk/web2c/luatexdir/luasocket/src/lua_preload.c.
    - CVE-2023-32668
  * SECURITY UPDATE: heap overflow in ttfdump (LP: #2047912)
    - debian/patches/CVE-2024-25262.diff: add overflow check to
      texk/ttfdump/libttf/hdmx.c.
    - CVE-2024-25262

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2024 10:19:47 -0400
Source diff to previous version
2047912 There is a heap buffer overflow in texlive-bin
CVE-2019-18604 In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
CVE-2023-32668 LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to th
CVE-2024-25262 texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to

Version: 2019.20190605.51237-3ubuntu0.1 2023-05-30 12:07:17 UTC

  texlive-bin (2019.20190605.51237-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary Code Execution
    - debian/patches/CVE-2023-32700.patch: Fix improperly secured
      shell-escape in LuaTeX.
    - CVE-2023-32700

 -- Eduardo Barretto <email address hidden> Thu, 25 May 2023 14:44:46 +0200
CVE-2023-32700 LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because lu


About   -   Send Feedback to @ubuntu_updates