On Thu, Jan 23, 2020 at 11:42:44AM +0900, Norbert Preining wrote: > On Wed, 22 Jan 2020, Moritz Muehlenhoff wrote: > > This was assigned CVE-2019-19601 and appears to be shipped as part of > > texlive-bin: > > https://github.com/pkubowicz/opendetex/issues/60 > > Only happens in the non-kpathsea code path, which Debian is not using. > The sprintf are the > #ifndef KPATHSEA > > Closing this bug, but suggesting a fix on the github issue for the > non-kpathsea case.
Thanks! I'll update the Debian Security Tracker. Cheers, Moritz