[tlbuild] patch for CVE-2010-0829
George N. White III
gnwiii at gmail.com
Fri Jun 11 13:35:02 CEST 2010
On Fri, Jun 11, 2010 at 6:10 AM, Edd Barrett <vext01 at gmail.com> wrote:
> On Fri, Jun 11, 2010 at 12:37:34AM +0000, Karl Berry wrote:
>> https://bugzilla.redhat.com/show_bug.cgi?id=573999
>>
>> I think we just upgraded dvipng per Jan-Ake. I don't believe the
>> current sources are vulnerable. Sorry, no idea about patching TL'09.
>> Good luck.
>
> How is dvipng used in texlive? Is it just supplied for the user to run directly?
dvipng is used by auctex/preview -- many emacs users are running it without
even being aware that it exists, but in Ubuntu auctex only "suggests" dvipng,
while:
--\ Packages which depend on dvipng (15)
--\ Depends (5)
p cadabra 1.16-0ubuntu1
p imgtex 0.20050123-8
p latex.service 0.1-5build2
p mathtex 1.01-1
p python-plastex 0.9.1-1
> If I make a separate package for dvipng (and --disable-dvipng) and mark
> it as a dependency of texlive, will anything behave differently?
>
> --
> Best Regards
> Edd Barrett
>
> http://www.theunixzoo.co.uk
--
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
More information about the tlbuild
mailing list