[SECURITY] texlive
Ken Brown
kbrown@cornell.edu
Sat Jun 13 13:06:00 GMT 2015
On 5/28/2015 2:15 PM, Yaakov Selkowitz wrote:
> Ken,
>
> An insecure usage of /tmp has been reported in mktexlsr:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1181167
> http://pkgs.fedoraproject.org/cgit/texlive.git/plain/texlive-bz979176.patch
This was discussed upstream starting at
http://tug.org/mailman/htdig/tlbuild/2015q1/003104.html
and it was decided *not* to apply this patch to TeX Live 2015. After
reading the discussion, however, I've decided to apply the patch to the
Cygwin build. I expect to release this around July 1, right after
perl-5.22 is released. (I'm delaying in order to avoid hassles with biber.)
Ken
More information about the Cygwin-apps
mailing list