Bug#949630: CVE-2019-19601

To: Norbert Preining <preining@logic.at>
Cc: 949630@bugs.debian.org
Subject: Bug#949630: CVE-2019-19601
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 23 Jan 2020 08:54:29 +0100
Message-id: <[🔎] 20200123075428.xlv5aa7lwhvbujjy@inutil.org>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 949630@bugs.debian.org
In-reply-to: <20200123024244.ftg3n27fnils2qve@bulldog.preining.info>
References: <[🔎] 157973319526.32955.14917889777503917122.reportbug@hullmann.westfalen.local> <20200123024244.ftg3n27fnils2qve@bulldog.preining.info> <[🔎] 157973319526.32955.14917889777503917122.reportbug@hullmann.westfalen.local>

On Thu, Jan 23, 2020 at 11:42:44AM +0900, Norbert Preining wrote:
> On Wed, 22 Jan 2020, Moritz Muehlenhoff wrote:
> > This was assigned CVE-2019-19601 and appears to be shipped as part of texlive-bin:
> > https://github.com/pkubowicz/opendetex/issues/60
> 
> Only happens in the non-kpathsea code path, which Debian is not using.
> The sprintf are the
> 	#ifndef KPATHSEA
> 
> Closing this bug, but suggesting a fix on the github issue for the
> non-kpathsea case.

Thanks! I'll update the Debian Security Tracker.

Cheers,
        Moritz

Reply to:

References:
- Bug#949630: CVE-2019-19601
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Processed: bug 949630 is forwarded to https://github.com/pkubowicz/opendetex/issues/60 ...
Next by Date: Bug#946567: Mention of luahbtex in texlive-luatex description
Previous by thread: Bug#949630: marked as done (CVE-2019-19601)
Next by thread: Processed: bug 949630 is forwarded to https://github.com/pkubowicz/opendetex/issues/60 ...
Index(es):
- Date
- Thread