Buffer overflow on axohelp
nico at semmle.com
Fri Jul 19 11:15:07 CEST 2019
Sorry about that Karl. Where I look for a contact, it mention this as the
place to report "bugs", it was not every specific :D, I should have dig
PS: Please let me know when you have a patch
On Thu, 18 Jul 2019 at 18:12, Karl Berry <karl at freefriends.org> wrote:
> There is a buffer overflow on the way axohelp handle the .ax1 files.
> Thanks for the report. I forwarded it to the axohelp author, John
> Collins. I expect one of us will fix it soon (in the sources at least),
> one way or another.
> coordinate my disclosure
> Well, since you sent the report to a public list instead of our
> "security" list (tlsecurity at tug.org), it is already disclosed. Not that
> I think this particular vulnerability is drop-everything crucial;
> axohelp is rarely used and has no special privileges.
> Thanks again. --karl
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tex-live