-
texlive-bin (2019.20190605.51237-3ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: sprintf mishandling in axohelp
- debian/patches/CVE-2019-18604.patch: fix overflow bugs in
utils/axodraw2/*.
- CVE-2019-18604
* SECURITY UPDATE: arbitrary network requests via socket library
- debian/patches/CVE-2023-32668.patch: disable socket library by
default in texk/web2c/luatexdir/lua/loslibext.c,
texk/web2c/luatexdir/lua/luainit.c,
texk/web2c/luatexdir/lua/luastuff.c,
texk/web2c/luatexdir/lua/luatex-api.h,
texk/web2c/luatexdir/luasocket/src/lua_preload.c.
- CVE-2023-32668
* SECURITY UPDATE: heap overflow in ttfdump (LP: #2047912)
- debian/patches/CVE-2024-25262.diff: add overflow check to
texk/ttfdump/libttf/hdmx.c.
- CVE-2024-25262
-- Marc Deslauriers <email address hidden> Wed, 13 Mar 2024 10:19:47 -0400
-
texlive-bin (2019.20190605.51237-3ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Arbitrary Code Execution
- debian/patches/CVE-2023-32700.patch: Fix improperly secured
shell-escape in LuaTeX.
- CVE-2023-32700
-- Eduardo Barretto <email address hidden> Thu, 25 May 2023 14:44:46 +0200
-
texlive-bin (2019.20190605.51237-3build2) focal; urgency=medium
* No-change rebuild for icu soname change.
-- Matthias Klose <email address hidden> Tue, 03 Mar 2020 21:42:31 +0100
-
texlive-bin (2019.20190605.51237-3build1) focal; urgency=medium
* No-change rebuild for icu soname change.
-- Matthias Klose <email address hidden> Thu, 13 Feb 2020 09:55:31 +0100
-
texlive-bin (2019.20190605.51237-3) unstable; urgency=medium
[ Hilmar Preusse ]
* Stop building dvisvgm package to solve FTBFS on HURD
(Closes: #926701). It will be packaged separately (see #932968).
Add the new package to Recommends.
* Add patch to pdftex.man to document -synctex option (Closes: #772928).
* Patch by Gero Treuner <email address hidden> (mp.w_epoch.patch)
MetaPost does not honour SOURCE_DATE_EPOCH (Closes: #890734).
* Patch by John Paul Adrian Glaubitz <email address hidden>
(sparc64-fix-alignment.patch) to enable the alignment fixes for Linux on
SPARC64 (Closes: #931873).
[ Norbert Preining ]
* Cherry pick session:
- lacheck: separate patterns for handling \def and \newcommand
- lacheck: version bump 1.29
- ptex: strict '! Improper alphabetic or KANJI constant.'
- eptex: version 190709 (add \ifincsname, revise \iffontchar and \fontchar)
- eptex.ech: more compatible with original e-TeX
- xdvi: don't use now-gone-from-ghostscript execute operator (from upstream)
(Closes: #940191)
- dvipdfmx: Fix a crash observed in add_ligature1_inverse_map()
- dvipdfmx: Fix a bug that OTL coverage data were sometimes not
read and were initialized to wrong values.
- dvipdfmx: Fix evaluation of option "-m" (Closes: #926642)
- dvipdfmx: workaround for problems in user defined resources
- gsftopk: gs-9.28(rc1) requires -dNOSAFER
- dvipdfmx: Take into account summertime. Always output color change code
- dvipdfmx: show appropriate message if unsupported pfa is used
- e-pTeX: e-pTeX 190908: \readline correctly handles Japanese characters
- ptexenc.c: updates from H. Kitagawa
-- Norbert Preining <email address hidden> Wed, 18 Sep 2019 17:15:44 +0900
-
texlive-bin (2019.20190605.51237-2build1) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:13:11 +0000