------------------------------------------------------------------------- Debian LTS Advisory DLA-3427-2 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany May 31, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : texlive-bin Version : 2018.20181218.49446-1+deb10u2 CVE ID : CVE-2019-18604 Debian Bug : 1036891 It was discovered that the patch to fix CVE-2023-32700 in texlive-bin, released as DLA-3427-1, was incomplete and caused an error when running the lualatex command. The following security vulnerability has been addressed as well. CVE-2019-18604 A flaw was found in axohelp in axodraw2. The sprintf function is mishandled which may cause a stack overflow error. For Debian 10 buster, this problem has been fixed in version 2018.20181218.49446-1+deb10u2. We recommend that you upgrade your texlive-bin packages. For the detailed security status of texlive-bin please refer to its security tracker page at: https://security-tracker.debian.org/tracker/texlive-bin Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part