-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 20 May 2023 16:08:13 CEST Source: texlive-bin Architecture: source Version: 2018.20181218.49446-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian TeX Maintainers <debian-tex-maint@lists.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: fe0cbd1f853e8c85c7767bf0f80fd8450aae6723 3607 texlive-bin_2018.20181218.49446-1+deb10u1.dsc 5d60d6d1a91b8cfffd94d0724caca78d77668a64 21264524 texlive-bin_2018.20181218.49446.orig.tar.xz 06318e224ed73b2e46b4dbecf1511d63cc8fb971 1005692 texlive-bin_2018.20181218.49446-1+deb10u1.debian.tar.xz 50d87ccedc20a802db34d7e9e8c3ee3999fcdb61 18278 texlive-bin_2018.20181218.49446-1+deb10u1_amd64.buildinfo Checksums-Sha256: c77a3c4482732d8e0f08b67fa6014b4e0a33ca1f8cdbd5dd98dfe9ab30f67c66 3607 texlive-bin_2018.20181218.49446-1+deb10u1.dsc 8afcf62be6632b012dd21512bdd1f29e0d37ba14080548959222d454882ca5c5 21264524 texlive-bin_2018.20181218.49446.orig.tar.xz cf804af42b75a413427a37acfdf8324f4815979cf92a19b8839c1b0df375c939 1005692 texlive-bin_2018.20181218.49446-1+deb10u1.debian.tar.xz 8fedb54e90c3bf58af57fd0b985e74d453bf186a412e68f9187eb9d8cf316ccd 18278 texlive-bin_2018.20181218.49446-1+deb10u1_amd64.buildinfo Changes: texlive-bin (2018.20181218.49446-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2023-32700: Max Chernoff discovered that improperly secured shell-escape in LuaTeX may result in arbitrary shell command execution, even with shell escape disabled, if specially crafted tex files are processed. Files: 90deb8e70b558098075cb7eabad647a6 3607 tex optional texlive-bin_2018.20181218.49446-1+deb10u1.dsc be03f007a1da5d1dcfe07710f4310a17 21264524 tex optional texlive-bin_2018.20181218.49446.orig.tar.xz 711b468d74e2fd415d0566c33ba87de7 1005692 tex optional texlive-bin_2018.20181218.49446-1+deb10u1.debian.tar.xz 28ef7730901d3430e6bd911565b6843b 18278 tex optional texlive-bin_2018.20181218.49446-1+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmRo1FFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkmPUQALp8t6tGLqwaSu0z9g/c4/SFIhiQ68iHz37Q IZtyjhxwURUS5reNvxM+rUw208XyDkcGg1AuTzbNfUsRmUGidbBAR5uph4ruRJol ymBNl3HGWHSF7M30viYZ90rA3hNQwDbadnX5muNVJsaKMen6i5AyL7kiFFrsokD7 U/ouXxelIXhtHcKCPvn9/07zBTq1ziZMsonDN8XAfGhbL8gsDKgw1hSjku61YD/y 6qQW6wUmy6iP9jI4GEkAySwMajCTAs/Ut6IdWW9V+2PV/lw7FIWPAjSeg6mwk5Qw ooluGeEjILTI90RG2+RVH92BQUqfxNAsrnXMvl1YhekkI65rxTgIWqCrjxtw0OYM keZ4LQp3oQ4E1FsLyQUR7LM7HX8SEgJgBvznvnoa9fv77fWrLbfaUaJXV7n9pIkm X0jZp2suNBf4thnB+fBfufV7ALUhj6YbECJgfrkU41nrX+rRKVy1JPcVmpslKN/v +ji+IKMvmyq2v1BJk9XAFtBnctAXWKfntL3bob7fIqX7Pg4VieSWIC5nwfv89cSb fDHcBAgPq3hNXYBdOBwG9oniKgY0zIyWWIcwYfc/Ft3pRLMRZk6bw8n1Z3Hqiq2k x86gnrwCE9j3ETOHheJAadYe18mawkikQ2X07AiPrCVySUlI19qhop2qo5AEYPlP USauIWTH =0swr -----END PGP SIGNATURE-----
