it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5406-1] texlive-bin security update
- Date: Sat, 20 May 2023 08:14:54 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1q0Hjq-003LDh-Aw AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=3chJj+7XRBzsZ5q+FBoKm3nqvcUfetgR7CxXBw2hDJ8=; b=CW xvo4QWNfUY7IGolps4CSVkgCI7+G6/W+EJ3GAWSAeurZHYxXq5cCvychT6xcB0Fn3CUrEUpKdxbWz zxxJDrALM5gw6HgPuUlUd0/vix5NC1dsnbSDaiPboZDrib0OTLRwuW3HnQ7CC9rF6rGB9/22+ue2F 71WL4LmAn5yBLpi7tNAnxbLJ8DSRbd7VuWg/cgGEHcKKZ36f+aE4rguvvB1jFWkppuCn+HliJce66 4dh2+JGg+w4wLi+v5I+T376qiXJiKx3x1Vmzu/8pHZsCGlpUJHItPihbAu/auWDkGW9YkmvRAzfup DOaYm9JR8+ppcdKeCX/JSyalsrc6TIYw==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Sat, 20 May 2023 08:15:22 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <-jGQGz8WyvC.A.50E.aGIakB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5406-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 20, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : texlive-bin
CVE ID : CVE-2023-32700
Max Chernoff discovered that improperly secured shell-escape in LuaTeX
may result in arbitrary shell command execution, even with shell escape
disabled, if specially crafted tex files are processed.
For the stable distribution (bullseye), this problem has been fixed in
version 2020.20200327.54578-7+deb11u1.
We recommend that you upgrade your texlive-bin packages.
For the detailed security status of texlive-bin please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/texlive-bin
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmRogV1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q8Mw//dU+/D/UBb2JkwXlEIokR3DA2T8caFdICcRICYBEAZCGIonM2uzbUIy5D
bRtAit45gOqWY+VS+Z0zuPPTzUek7m99+L3yjXg9FSW1qsWVgBQu6w+L9CBDQBf0
KUbzaXgAsqQoxzul08SwQY3gQV620PuNpt20HfVM4QUR03r92QHH1pSPzA6nWzcR
UYoj8rK2F0NYish95yuLrU+sRCw5LWbPpQkwDFw6L37Ml0GQJ6lIa/2jhHrUe/VR
D4PU9knWeYcudegUNjt5UfbLk2DWR99zaIazBJUazBFoBiLJwx9b6UqvJHzyvdQF
O9v6zRC+Ds9jIpbV0fwVRSRqaxYB23SgpJXp7gB0lVhWDFFLJ9EkI8sftsgTwEhP
xfZ1xHrzdIfWjmuIHo4+HQhDUzikJNe7HYlLP6vE1LszGMJhusrbxkgjJqcqSH+J
Zdaw4IzfVYd9ms0Kc0Ec5N1DABOW4UoN5//gq13Ny43QW/K8wzzEKFnwe84FPEwz
Fe5iMfZswjXsCyn3Se/fJWcFp082TW6iOOegcJaYD/YcbzmKigJv8L8XlyLNjaEV
OyXsdY6AQlXSRp7bbcMtmqoH2b3wsS5KX4mD+XJ+sJynbSW8xwMRiqOan3h0PtL8
7RHEiBCbeqznhdkZbs5NDVURUqT+Jy5+yUlHc5+BFqVNQ4e9LsA=
=3/W/
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5406-1] texlive-bin security update, Salvatore Bonaccorso, 20.05.2023
Archiv bereitgestellt durch MHonArc 2.6.24.