id summary reporter owner description type status priority milestone component version severity resolution keywords cc 11223 texlive, fix for CVE-2018-17407 ken@… ken@… "An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex. This applies to past years too. Binary users should obviously update. I found a patch at fedora (couldn't get anywhere in texlive svn). But (on 8.3) failed to build with -j8. Retrying with -j1. Note that debian-unstable and testing seem to be using *current* svn, and I noticed they had issues with some libraries. " enhancement closed high 8.4 BOOK SVN normal fixed