"A buffer overflow in the handling of Type 1 fonts (.pfb files) allows arbitrary local code execution without privilege escalation when a malicious font is loaded by one of the vulnerable tools (pdflatex, pdftex, luatex, dvips)." * Upstream fix: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c * Scouted at: https://seclists.org/oss-sec/2018/q4/23 Will post more links as I find them. -- Gentoo Security Scout Vladimir Krstulja
Maintainer(s), please advise if this has been fixed.
(In reply to Yury German from comment #1)
> Maintainer(s), please advise if this has been fixed.

Fixed by having 2019 texlive release stable.
GLSA Vote: No