-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5406-1
security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
May 20, 2023
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : texlive-bin
CVE ID : CVE-2023-32700
Max Chernoff discovered that improperly secured shell-escape in LuaTeX
may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed.
For the stable distribution (bullseye), this problem has been fixed in
version 2020.20200327.54578-7+deb11u1.
We recommend that you upgrade your texlive-bin packages.
For the detailed security status of texlive-bin please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/texlive-bin
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRogV1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q8Mw//dU+/D/UBb2JkwXlEIokR3DA2T8caFdICcRICYBEAZCGIonM2uzbUIy5D bRtAit45gOqWY+VS+Z0zuPPTzUek7m99+L3yjXg9FSW1qsWVgBQu6w+L9CBDQBf0 KUbzaXgAsqQoxzul08SwQY3gQV620PuNpt20HfVM4QUR03r92QHH1pSPzA6nWzcR UYoj8rK2F0NYish95yuLrU+sRCw5LWbPpQkwDFw6L37Ml0GQJ6lIa/2jhHrUe/VR D4PU9knWeYcudegUNjt5UfbLk2DWR99zaIazBJUazBFoBiLJwx9b6UqvJHzyvdQF O9v6zRC+Ds9jIpbV0fwVRSRqaxYB23SgpJXp7gB0lVhWDFFLJ9EkI8sftsgTwEhP xfZ1xHrzdIfWjmuIHo4+HQhDUzikJNe7HYlLP6vE1LszGMJhusrbxkgjJqcqSH+J Zdaw4IzfVYd9ms0Kc0Ec5N1DABOW4UoN5//gq13Ny43QW/K8wzzEKFnwe84FPEwz Fe5iMfZswjXsCyn3Se/fJWcFp082TW6iOOegcJaYD/YcbzmKigJv8L8XlyLNjaEV OyXsdY6AQlXSRp7bbcMtmqoH2b3wsS5KX4mD+XJ+sJynbSW8xwMRiqOan3h0PtL8 7RHEiBCbeqznhdkZbs5NDVURUqT+Jy5+yUlHc5+BFqVNQ4e9LsA=
=3/W/
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)