UbuntuUpdates.org

Package "texlive-bin"

Name: texlive-bin

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • TeX Live: path search library for TeX (development part)
  • TeX Live: path search library for TeX (runtime part)
  • TeX Live: ptex encoding library (development part)
  • TeX Live: pTeX encoding library

Latest version: 2021.20210626.59705-1ubuntu0.2
Release: jammy (22.04)
Level: updates
Repository: main

Links



Other versions of "texlive-bin" in Jammy

Repository Area Version
base main 2021.20210626.59705-1build1
base universe 2021.20210626.59705-1build1
security main 2021.20210626.59705-1ubuntu0.2
security universe 2021.20210626.59705-1ubuntu0.2
updates universe 2021.20210626.59705-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2021.20210626.59705-1ubuntu0.2 2024-03-14 15:06:56 UTC

  texlive-bin (2021.20210626.59705-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: arbitrary network requests via socket library
    - debian/patches/CVE-2023-32668.patch: disable socket library by
      default in texk/web2c/luatexdir/lua/loslibext.c,
      texk/web2c/luatexdir/lua/luainit.c,
      texk/web2c/luatexdir/lua/luastuff.c,
      texk/web2c/luatexdir/lua/luatex-api.h,
      texk/web2c/luatexdir/luasocket/src/lua_preload.c.
    - CVE-2023-32668
  * SECURITY UPDATE: heap overflow in ttfdump (LP: #2047912)
    - debian/patches/CVE-2024-25262.diff: add overflow check to
      texk/ttfdump/libttf/hdmx.c.
    - CVE-2024-25262

 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2024 10:11:46 -0400

Source diff to previous version
2047912 There is a heap buffer overflow in texlive-bin
CVE-2023-32668 LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to th
CVE-2024-25262 texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to

Version: 2021.20210626.59705-1ubuntu0.1 2023-05-30 12:07:22 UTC

  texlive-bin (2021.20210626.59705-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary Code Execution
    - debian/patches/CVE-2023-32700.patch: Fix improperly secured
      shell-escape in LuaTeX.
    - CVE-2023-32700

 -- Eduardo Barretto <email address hidden> Thu, 25 May 2023 14:33:01 +0200

CVE-2023-32700 LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because lu



About   -   Send Feedback to @ubuntu_updates