* [SECURITY] texlive
@ 2015-05-28 18:15 Yaakov Selkowitz
2015-05-28 20:40 ` Ken Brown
2015-06-13 13:06 ` Ken Brown
0 siblings, 2 replies; 3+ messages in thread
From: Yaakov Selkowitz @ 2015-05-28 18:15 UTC (permalink / raw)
To: cygwin-apps
Ken,
An insecure usage of /tmp has been reported in mktexlsr:
https://bugzilla.redhat.com/show_bug.cgi?id=1181167
http://pkgs.fedoraproject.org/cgit/texlive.git/plain/texlive-bz979176.patch
--
Yaakov
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [SECURITY] texlive
2015-05-28 18:15 [SECURITY] texlive Yaakov Selkowitz
@ 2015-05-28 20:40 ` Ken Brown
2015-06-13 13:06 ` Ken Brown
1 sibling, 0 replies; 3+ messages in thread
From: Ken Brown @ 2015-05-28 20:40 UTC (permalink / raw)
To: cygwin-apps
On 5/28/2015 2:15 PM, Yaakov Selkowitz wrote:
> Ken,
>
> An insecure usage of /tmp has been reported in mktexlsr:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1181167
> http://pkgs.fedoraproject.org/cgit/texlive.git/plain/texlive-bz979176.patch
Thanks for the heads-up. I'm on vacation, but I'll look at this (and the
preview-latex issue) when I return in a couple weeks.
Ken
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [SECURITY] texlive
2015-05-28 18:15 [SECURITY] texlive Yaakov Selkowitz
2015-05-28 20:40 ` Ken Brown
@ 2015-06-13 13:06 ` Ken Brown
1 sibling, 0 replies; 3+ messages in thread
From: Ken Brown @ 2015-06-13 13:06 UTC (permalink / raw)
To: cygwin-apps
On 5/28/2015 2:15 PM, Yaakov Selkowitz wrote:
> Ken,
>
> An insecure usage of /tmp has been reported in mktexlsr:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1181167
> http://pkgs.fedoraproject.org/cgit/texlive.git/plain/texlive-bz979176.patch
This was discussed upstream starting at
http://tug.org/mailman/htdig/tlbuild/2015q1/003104.html
and it was decided *not* to apply this patch to TeX Live 2015. After
reading the discussion, however, I've decided to apply the patch to the
Cygwin build. I expect to release this around July 1, right after
perl-5.22 is released. (I'm delaying in order to avoid hassles with biber.)
Ken
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-06-13 13:06 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-05-28 18:15 [SECURITY] texlive Yaakov Selkowitz
2015-05-28 20:40 ` Ken Brown
2015-06-13 13:06 ` Ken Brown
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).