29915 – texlive security issues due to embedded log4j

Bug 29915 - texlive security issues due to embedded log4j

Summary: texlive security issues due to embedded log4j

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Marc Krämer
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-01-20 20:05 CET by David Walser
Modified:	2023-09-07 21:09 CEST (History)
CC List:	0 users

See Also:
Source RPM:	texlive-20210325-3.mga9.src.rpm
CVE:
Status comment:	Patch available from Fedora

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-01-20 20:05:49 CET

Fedora has issued an advisory today (January 20):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQVHB5NDIZBYQOOR27366WCAOCDOXUI3/

Mageia 8 may also be affected.

David Walser 2022-01-20 20:06:06 CET

Status comment: (none) => Patch available from Fedora
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-01-20 20:21:29 CET

Assigning this to SRPM packager MarcK.

Assignee: bugsquad => mageia

Comment 2 Marc Krämer 2022-01-21 11:09:11 CET

like fedora says, it is not very likely this will/can be exploited.
As this is just a tool running on command line to automate compile of tex. It is not worth patching this for mga8.

Comment 3 Marc Krämer 2022-01-21 11:16:14 CET

checked mga8: no log4j; logback is used here.

Marc Krämer 2022-01-21 11:16:19 CET

Whiteboard: MGA8TOO => (none)

Comment 4 Marc Krämer 2023-09-07 21:09:52 CEST

no need to fix this.

Resolution: (none) => WONTFIX
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.