Fwd: [USN-6695-1] TeX Live vulnerabilities
Norbert Preining
norbert at preining.info
Fri Mar 15 03:18:04 CET 2024
On Thu, 14 Mar 2024, Karl Berry wrote:
> https://ubuntu.com/security/notices/USN-6695-1

Uggh what?

> An attacker could possibly use this issue to cause TeX Live
> to crash, resulting in a denial of service.

Complete rubbish, who wrote that?

> Anyway, if someone can unearth the actual patches from Ubuntu's

I think all this is already in TL since long:
https://github.com/TeX-Live/texlive-source/pull/63
and
2024-01-21  Karl Berry  <karl at freefriends.org>

        * libttf/hdmx.c (ttfLoadHDMX): calloc the number of widths that we
        actually read, namely numGlyphs+1. I don't understand why this
        is numGlyphs+1 and not numGlyphs, per
        https://developer.apple.com/fonts/TrueType-Reference-Manual/RM06/Chap6hdmx.html
        but since the program has always read numGlyphs+1, just leaving it.
        Report (and alternate fix) from attackoncs,
        https://github.com/TeX-Live/texlive-source/pull/63
Best wishes
Norbert
--
PREINING Norbert https://www.preining.info
arXiv / Cornell University + IFMGA Guide + TU Wien + TeX Live
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
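
An added illustration of the rule in the ChangeLog entry quoted above (allocate as many widths as the read loop consumes), not code from this message or from texlive-source. The struct, the function names and the sample bytes are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory device record; not the struct ttfdump uses. */
typedef struct {
    uint8_t pixelSize, maxWidth;
    size_t nWidths;      /* entries allocated in widths */
    uint8_t *widths;
} DeviceRecord;

/* Parse one record from buf[0..len). to_read is how many width bytes the
 * read loop consumes (numGlyphs + 1 in a reader like the one described).
 * Returns 0 on success, -1 on truncated input or allocation failure. */
int load_device_record(const uint8_t *buf, size_t len, size_t to_read,
                       DeviceRecord *out)
{
    memset(out, 0, sizeof *out);
    if (len < 2 || to_read > len - 2)   /* 2 header bytes + widths must fit */
        return -1;
    out->widths = calloc(to_read ? to_read : 1, 1);  /* sized by bytes read */
    if (out->widths == NULL)
        return -1;
    out->pixelSize = buf[0];
    out->maxWidth = buf[1];
    out->nWidths = to_read;
    for (size_t i = 0; i < to_read; i++)  /* same bound as the allocation */
        out->widths[i] = buf[2 + i];
    return 0;
}

/* Constructed sample: numGlyphs = 3, so the reader takes 4 width bytes. */
int selftest(void)
{
    const uint8_t rec[] = { 12, 9, 5, 6, 7, 8 };
    const size_t numGlyphs = 3;
    DeviceRecord r;
    if (load_device_record(rec, sizeof rec, numGlyphs + 1, &r) != 0)
        return 1;
    int ok = r.nWidths == 4 && r.widths[3] == 8 && r.pixelSize == 12;
    free(r.widths);
    /* One byte more than the input holds must be rejected, not read. */
    if (load_device_record(rec, sizeof rec, numGlyphs + 2, &r) != -1)
        return 2;
    return ok ? 0 : 3;
}

int main(void) { return selftest(); }
```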