[texlive-nonbin] 01/01: include changes for 2014.20141024-2+deb8u1

To: debian-tex-maint@lists.debian.org
Subject: [texlive-nonbin] 01/01: include changes for 2014.20141024-2+deb8u1
From: Norbert Preining <preining@debian.org>
Date: Wed, 08 Mar 2017 06:58:28 +0000
Message-id: <[🔎] E1clVYK-00058q-Da@moszumanska.debian.org>
Reply-to: Norbert Preining <preining@debian.org>
In-reply-to: <[🔎] 20170308065825.19674.68746@moszumanska.debian.org>
References: <[🔎] 20170308065825.19674.68746@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

preining pushed a commit to branch for-jessie
in repository texlive-nonbin.

commit 04662c143bb82870c2614014ca7e6fccf403c8ca
Author: Norbert Preining <preining@debian.org>
Date:   Wed Mar 8 15:52:04 2017 +0900

    include changes for 2014.20141024-2+deb8u1
---
 texlive-base/debian/changelog                                |  6 ++++++
 texlive-base/debian/patches/fix-tex-arbitrary-code-execution | 10 ++++++++++
 texlive-base/debian/patches/series                           |  1 +
 3 files changed, 17 insertions(+)

diff --git a/texlive-base/debian/changelog b/texlive-base/debian/changelog
index ecf2084..6a5df3b 100644
--- a/texlive-base/debian/changelog
+++ b/texlive-base/debian/changelog
@@ -1,3 +1,9 @@
+texlive-base (2014.20141024-2+deb8u1) jessie-security; urgency=high
+
+  * remove mpost from list of shell_escape_commands (CVE-2016-10243)
+
+ -- Norbert Preining <preining@debian.org>  Mon, 06 Mar 2017 09:00:57 +0900
+
 texlive-base (2014.20141024-2) unstable; urgency=medium
 
   * texlive-xetex (polyglossia) needs texlive-latex-extra (Closes: #767887)
diff --git a/texlive-base/debian/patches/fix-tex-arbitrary-code-execution b/texlive-base/debian/patches/fix-tex-arbitrary-code-execution
new file mode 100644
index 0000000..2fbf0c9
--- /dev/null
+++ b/texlive-base/debian/patches/fix-tex-arbitrary-code-execution
@@ -0,0 +1,10 @@
+--- texlive-base-2014.20141024.orig/texmf-dist/web2c/texmf.cnf
++++ texlive-base-2014.20141024/texmf-dist/web2c/texmf.cnf
+@@ -535,7 +535,6 @@
+ bibtex,bibtex8,\
+ kpsewhich,\
+ makeindex,\
+-mpost,\
+ repstopdf,\
+ 
+ % we'd like to allow:
diff --git a/texlive-base/debian/patches/series b/texlive-base/debian/patches/series
index 58f5fc1..0514a40 100644
--- a/texlive-base/debian/patches/series
+++ b/texlive-base/debian/patches/series
@@ -31,3 +31,4 @@ mptopdf-manpage-fixes
 # fix-listings-bug
 latex-update
 tools-update
+fix-tex-arbitrary-code-execution

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-tex/texlive-nonbin.git

Reply to:

References:
- [texlive-nonbin] branch for-jessie updated (ae0d6c5 -> 04662c1)
  - From: Norbert Preining <preining@debian.org>

Prev by Date: texlive-base_2014.20141024-2+deb8u1_amd64.changes ACCEPTED into proposed-updates->stable-new
Next by Date: [texlive-nonbin] branch for-jessie updated (ae0d6c5 -> 04662c1)
Previous by thread: [texlive-nonbin] branch for-jessie updated (ae0d6c5 -> 04662c1)
Next by thread: [texlive-nonbin] branch master updated (0b763af -> 46de1a5)
Index(es):
- Date
- Thread