Ubuntu offerring TL updates

Paulo Ney DE SOUZA paulo at berkeley.edu
Sat Jun 3 15:12:00 CEST 2023 

Hi Kotucha,

The problem is I do NOT have a Ubuntu TL installation on this machine. It
looks like Ubuntu is doinga some creative digging on what the machine needs.

There are many things you can, inadvertently do, and acquire an Ubuntu TL
as a present -- not the case here, this is a brand new machine with TUG TL
22 and 23.

Paulo Ney



On Sat, Jun 3, 2023, 1:58 AM Reinhard Kotucha <reinhard.kotucha at gmx.de>
wrote:

> On 2023-06-02 at 22:41:52 -0700, Paulo Ney DE SOUZA wrote:
>
>  > What does it mean when you install TL 2023 from TUG, and then, all of a
>  > sudden, Ubuntu starts offering Security Updates for it?
>  >
>  > [image: Screenshot from 2023-06-02 21-25-52.png]
>  >
>  > Should one take it???
>
> Hi Paulo,
> you obviously have two TeX Live distributions installed.  You can
> safely install the updates, they have no impact on your installation
> from TUG.
>
> I suppose it's about this:
>
>  > -
> -------------------------------------------------------------------------
>  > Debian Security Advisory DSA-5406-1
> security at debian.org
>  > https://www.debian.org/security/                     Salvatore
> Bonaccorso
>  > May 20, 2023
> https://www.debian.org/security/faq
>  > -
> -------------------------------------------------------------------------
>  >
>  > Package        : texlive-bin
>  > CVE ID         : CVE-2023-32700
>  >
>  > Max Chernoff discovered that improperly secured shell-escape in LuaTeX
>  > may result in arbitrary shell command execution, even with shell escape
>  > disabled, if specially crafted tex files are processed.
>  >
>  > For the stable distribution (bullseye), this problem has been fixed in
>  > version 2020.20200327.54578-7+deb11u1.
>  >
>  > We recommend that you upgrade your texlive-bin packages.
>  >
>  > For the detailed security status of texlive-bin please refer to its
>  > security tracker page at:
>  > https://security-tracker.debian.org/tracker/texlive-bin
>  >
>  > Further information about Debian Security Advisories, how to apply
>  > these updates to your system and frequently asked questions can be
>  > found at: https://www.debian.org/security/
>  >
>  > Mailing list: debian-security-announce at lists.debian.org
>
> You can follow the links therein for more information.
>
> Regards,
>   Reinhard
>
> --
> ------------------------------------------------------------------
> Reinhard Kotucha                            Phone: +49-511-3373112
> Marschnerstr. 25
> D-30167 Hannover                    mailto:reinhard.kotucha at gmx.de
> ------------------------------------------------------------------
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20230603/9fa15bac/attachment.htm>

More information about the tex-live mailing list.