[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#949630: marked as done (CVE-2019-19601)

Your message dated Thu, 23 Jan 2020 11:42:44 +0900
with message-id <20200123024244.ftg3n27fnils2qve@bulldog.preining.info>
and subject line Re: Bug#949630: CVE-2019-19601
has caused the Debian Bug report #949630,
regarding CVE-2019-19601
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
949630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949630
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: texlive-bin
Severity: important
Tags: security

This was assigned CVE-2019-19601 and appears to be shipped as part of texlive-bin:
https://github.com/pkubowicz/opendetex/issues/60

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
On Wed, 22 Jan 2020, Moritz Muehlenhoff wrote:
> This was assigned CVE-2019-19601 and appears to be shipped as part of texlive-bin:
> https://github.com/pkubowicz/opendetex/issues/60

Only happens in the non-kpathsea code path, which Debian is not using.
The sprintf are the
	#ifndef KPATHSEA

Closing this bug, but suggesting a fix on the github issue for the
non-kpathsea case.

Best

Norbert

--
PREINING Norbert                               http://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

--- End Message ---
Reply to: