Bug 906712 (CVE-2023-32668, CVE-2023-32700) - <app-text/texlive-core-2021-r7: multiple vulnerabilities
Summary: <app-text/texlive-core-2021-r7: multiple vulnerabilities
Alias: CVE-2023-32668, CVE-2023-32700
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [stable]
Depends on: 907240 836779
Reported: 2023-05-19 03:15 UTC by John Helmert III
Modified: 2023-07-07 15:27 UTC
Runtime testing required: ---
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-19 03:15:55 UTC
CVE-2023-32668 (

LuaTeX before 1.17.0 enables the socket library by default.

There is also CVE-2023-32700, which is remote code execution fixed in
luatex-1.17.0, though I'm not certain how that maps to our versioning.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-19 05:14:42 UTC
commit 96fe8d6e52f342b6764536aca58ddd563df3e278 (HEAD -> master, origin/master, origin/HEAD)
Author: Sam James <>
Date:   Fri May 19 06:01:11 2023 +0100

    app-text/texlive-core: patch CVE-2023-32700

    This does not fix CVE-2023-32668 which changes behaviour so must be handled
    in a new version (>= 2023).

    Signed-off-by: Sam James <>
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-20 03:30:30 UTC
CVE-2023-32668 will need us to bump to TL-2023.