[tlbuild] patch for CVE-2010-0829

Edd Barrett vext01 at gmail.com
Fri Jun 11 11:10:06 CEST 2010


On Fri, Jun 11, 2010 at 12:37:34AM +0000, Karl Berry wrote:
>     https://bugzilla.redhat.com/show_bug.cgi?id=573999
> 
> I think we just upgraded dvipng per Jan-Ake.  I don't believe the
> current sources are vulnerable.  Sorry, no idea about patching TL'09.
> Good luck.

How is dvipng used in texlive? Is it just supplied for the user to run directly?

If I make a separate package for dvipng (and --disable-dvipng) and mark
it as a dependency of texlive, will anything behave differently?

-- 
Best Regards
Edd Barrett

http://www.theunixzoo.co.uk


More information about the tlbuild mailing list