This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] texlive
- From: Ken Brown <kbrown at cornell dot edu>
- To: cygwin-apps at cygwin dot com
- Date: Sat, 13 Jun 2015 09:06:33 -0400
- Subject: Re: [SECURITY] texlive
- Authentication-results: sourceware.org; auth=none
- References: <1432836946 dot 3856 dot 40 dot camel at cygwin dot com>
On 5/28/2015 2:15 PM, Yaakov Selkowitz wrote:
Ken,
An insecure usage of /tmp has been reported in mktexlsr:
https://bugzilla.redhat.com/show_bug.cgi?id=1181167
http://pkgs.fedoraproject.org/cgit/texlive.git/plain/texlive-bz979176.patch
This was discussed upstream starting at
http://tug.org/mailman/htdig/tlbuild/2015q1/003104.html
and it was decided *not* to apply this patch to TeX Live 2015. After
reading the discussion, however, I've decided to apply the patch to the
Cygwin build. I expect to release this around July 1, right after
perl-5.22 is released. (I'm delaying in order to avoid hassles with biber.)
Ken