[tlbuild] patch for CVE-2010-0829
Edd Barrett
vext01 at gmail.com
Fri Jun 11 11:10:06 CEST 2010
On Fri, Jun 11, 2010 at 12:37:34AM +0000, Karl Berry wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=573999
>
> I think we just upgraded dvipng per Jan-Ake. I don't believe the
> current sources are vulnerable. Sorry, no idea about patching TL'09.
> Good luck.
How is dvipng used in texlive? Is it just supplied for the user to run directly?
If I make a separate package for dvipng (and --disable-dvipng) and mark
it as a dependency of texlive, will anything behave differently?
--
Best Regards
Edd Barrett
http://www.theunixzoo.co.uk
More information about the tlbuild
mailing list