Fix CVE-2023-32700

2023-07-03 17:17:54 +08:00 · 2023-07-03 17:17:54 +08:00 · dffc2eca90
commit dffc2eca90
parent a62cbe6421
2 changed files with 1321 additions and 1 deletions
--- a/CVE-2023-32700.patch
+++ b/CVE-2023-32700.patch
--- a/texlive-base.spec
+++ b/texlive-base.spec
@ -4,7 +4,7 @@

 Name:           texlive-base
 Version:        20210325
-Release:        5
+Release:        6
 Epoch:          9
 Summary:        TeX formatting system
 License:        ASL 2.0 and LGPL-2.1-only and Zlib and OFL-1.1 and Public Domain and LGPL-2.0-only and GPLv2+ and MPL-1.1 and Libpng and LGPL-3.0-only and BSL-1.0 and GPLv2 and GPLv3 and CPL-1.0 and IJG and MIT and LPPL-1.3c and ICU and psutils
@ -427,6 +427,7 @@ Patch0030:      texlive-base-20200327-out-of-memory.patch
 Patch0032:      texlive-base-20210325-mendex-weird-arch-fixes.patch
 Patch0033:      texlive-base-20210325-no-setpdfwrite.patch

+Patch0034:      CVE-2023-32700.patch

 BuildRequires:  xz libXaw-devel libXi-devel ncurses-devel bison flex file perl(Digest::MD5) texinfo gcc-c++
 BuildRequires:  gd-devel freetype-devel libpng-devel zlib-devel potrace-devel
@ -8651,6 +8652,9 @@ yes | %{_bindir}/updmap-sys --quiet --syncwithtrees >/dev/null 2>&1 || :
 %doc %{_datadir}/texlive/texmf-dist/doc/latex/yplan/

 %changelog
+* Mon Jul 03 2023 yaoxin <yao_xin001@hoperun.com> - 9:20210325-6
+- Fix CVE-2023-32700
+
 * Sat Mar 4 2023 Wenlong Zhang <zhangwenlong@loongson.cn> - 9:20210325-5 
 - fix build error for loongarch64