Am 26.05.2026 um 03:26 schrieb 萬尚宏: Hello,
the patch is here: https://salsa.debian.org/hilmar/mimetex/-/blob/master/debian/patches/CVE-2024-40445.diff?ref_type=heads
Basically it tries to figure, if shell commands are executed using \mathtex and prevents the call. By default \mathtex is disabled at all, but I've enabled it again in the Debian package.
Hilmar
Nice to hear it from you, I think that will be a good idea for the compatibility issue!If you're available to implement the patch, please feel free to send me the source code.I think I can help with code review for security.
OpenPGP_signature.asc
Description: OpenPGP digital signature
