slackware-current

Miroirs/slackware-current

Fork 0

mirror of git://slackware.nl/current.git synced 2024-12-29 10:25:00 +01:00

Commit graph

Author	SHA1	Message	Date
Patrick J Volkerding	73b668742a	Thu May 25 00:24:33 UTC 2023 patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz: Upgraded. This is a bugfix release. patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz: Upgraded. This update patches a security issue: LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Thanks to Johannes Schoepfer. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-32700 (* Security fix *)	2023-05-25 13:30:31 +02:00

Author

SHA1

Message

Date

Patrick J Volkerding

73b668742a

Thu May 25 00:24:33 UTC 2023

patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
  compiling a TeX file obtained from an untrusted source. This occurs
  because luatex-core.lua lets the original io.popen be accessed. This also
  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
  Thanks to Johannes Schoepfer.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32700
  (* Security fix *)

2023-05-25 13:30:31 +02:00

1 commit