Ubuntu offerring TL updates

Reinhard Kotucha reinhard.kotucha at gmx.de
Sat Jun 3 10:58:21 CEST 2023 

On 2023-06-02 at 22:41:52 -0700, Paulo Ney DE SOUZA wrote:

 > What does it mean when you install TL 2023 from TUG, and then, all of a
 > sudden, Ubuntu starts offering Security Updates for it?
 >
 > [image: Screenshot from 2023-06-02 21-25-52.png]
 >
 > Should one take it???

Hi Paulo,
you obviously have two TeX Live distributions installed.  You can
safely install the updates, they have no impact on your installation
from TUG.

I suppose it's about this:

 > - -------------------------------------------------------------------------
 > Debian Security Advisory DSA-5406-1                   security at debian.org
 > https://www.debian.org/security/                     Salvatore Bonaccorso
 > May 20, 2023                          https://www.debian.org/security/faq
 > - -------------------------------------------------------------------------
 >
 > Package        : texlive-bin
 > CVE ID         : CVE-2023-32700
 >
 > Max Chernoff discovered that improperly secured shell-escape in LuaTeX
 > may result in arbitrary shell command execution, even with shell escape
 > disabled, if specially crafted tex files are processed.
 >
 > For the stable distribution (bullseye), this problem has been fixed in
 > version 2020.20200327.54578-7+deb11u1.
 >
 > We recommend that you upgrade your texlive-bin packages.
 >
 > For the detailed security status of texlive-bin please refer to its
 > security tracker page at:
 > https://security-tracker.debian.org/tracker/texlive-bin
 >
 > Further information about Debian Security Advisories, how to apply
 > these updates to your system and frequently asked questions can be
 > found at: https://www.debian.org/security/
 >
 > Mailing list: debian-security-announce at lists.debian.org

You can follow the links therein for more information.

Regards,
  Reinhard

--
------------------------------------------------------------------
Reinhard Kotucha                            Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover                    mailto:reinhard.kotucha at gmx.de
------------------------------------------------------------------

More information about the tex-live mailing list.