[EXT] Re: Fwd: [USN-6695-1] TeX Live vulnerabilities
Philip Taylor (RHUoL)
P.Taylor at Rhul.Ac.Uk
Thu Mar 14 20:41:57 CET 2024
Zdenek Wagner wrote:
No, base64 is not a problem. The problem for me is an attachment with
missing or invalid Content-Type received from a person whom I do not
know. Opening such attachments is a security risk.
I did not need to open any attachments, Zdeněk — the base-64 content was embedded in the file, and displayed as soon as I read the message. See below :
-------- Forwarded Message --------
Subject: [USN-6695-1] TeX Live vulnerabilities
Date: Thu, 14 Mar 2024 09:25:40 -0400
From: Marc Deslauriers <marc.deslauriers at canonical.com>
Reply-To: Ubuntu Security <security at ubuntu.com>
To: ubuntu-security-announce at lists.ubuntu.com
Message part as attachment
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------8fBQZfJjuY37JKHJjlopKb8p
Content-Type: multipart/mixed; boundary="------------ucMPlTR8knZKIbfSfris3KdB";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers at canonical.com>
Reply-To: Ubuntu Security <security at ubuntu.com>
To: "ubuntu-security-announce at lists.ubuntu.com"
<ubuntu-security-announce at lists.ubuntu.com>
Message-ID: <2a6317d8-78f2-4900-97fe-1e59a2b78e3a at canonical.com>
Subject: [USN-6695-1] TeX Live vulnerabilities
--------------ucMPlTR8knZKIbfSfris3KdB
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
--------------ucMPlTR8knZKIbfSfris3KdB--
--------------8fBQZfJjuY37JKHJjlopKb8p
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
--------------8fBQZfJjuY37JKHJjlopKb8p--
Message part as attachment
--
Philip Taylor
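
Added example, not part of the original thread: a way to inspect a message's MIME structure without opening anything, reporting parts whose Content-Type is missing or malformed and decoding only a properly declared base64 `text/plain` body. The sample message is constructed, and the names `declared_type` and `triage` are hypothetical.

```python
import base64
import email
from email.message import Message

# Constructed sample (not the advisory itself): one base64 text part, one part
# with no Content-Type header, and one whose Content-Type is malformed.
_BODY = base64.b64encode(b"Constructed notice text\r\n").decode("ascii")
SAMPLE = (
    'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    "--b1\r\n"
    "Content-Type: text/plain; charset=UTF-8; format=flowed\r\n"
    "Content-Transfer-Encoding: base64\r\n\r\n"
    f"{_BODY}\r\n"
    "--b1\r\n"
    'Content-Disposition: attachment; filename="report"\r\n\r\n'
    "opaque bytes\r\n"
    "--b1\r\n"
    "Content-Type: not-a-mime-type\r\n\r\n"
    "opaque bytes\r\n"
    "--b1--\r\n"
).encode("ascii")


def declared_type(part: Message) -> str:
    """Return 'missing', 'invalid', or the declared type/subtype."""
    raw = part.get("Content-Type")
    if raw is None:
        return "missing"
    main, _, sub = raw.split(";", 1)[0].strip().lower().partition("/")
    return f"{main}/{sub}" if main and sub and "/" not in sub else "invalid"


def triage(raw_message: bytes) -> list[dict]:
    """List leaf parts; decode only well-declared inline text/plain bodies."""
    report = []
    for part in email.message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = declared_type(part)
        entry = {"type": ctype, "filename": part.get_filename(), "text": None}
        if ctype == "text/plain" and part.get_filename() is None:
            # decode=True undoes the Content-Transfer-Encoding (base64 here)
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            entry["text"] = payload.decode(charset, errors="replace")
        report.append(entry)
    return report
```

Parts reported as `missing` or `invalid` are listed but never decoded, so they can be held for manual review.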