This bug was fixed in the package texlive-bin -
2021.20210626.59705-1ubuntu0.2
---------------
texlive-bin (2021.20210626.59705-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: arbitrary network requests via socket library
- debian/patches/CVE-2023-32668.patch: disable socket library by
default in texk/web2c/luatexdir/lua/loslibext.c,
texk/web2c/luatexdir/lua/luainit.c,
texk/web2c/luatexdir/lua/luastuff.c,
texk/web2c/luatexdir/lua/luatex-api.h,
texk/web2c/luatexdir/luasocket/src/lua_preload.c.
- CVE-2023-32668
* SECURITY UPDATE: heap overflow in ttfdump (LP: #2047912)
- debian/patches/CVE-2024-25262.diff: add overflow check to
texk/ttfdump/libttf/hdmx.c.
- CVE-2024-25262
-- Marc Deslauriers <[email protected]> Wed, 13 Mar 2024
10:11:46 -0400
** Changed in: texlive-bin (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-18604
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2047912
Title:
There is a heap buffer overflow in texlive-bin
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
