Source: texlive-bin Version: 2026.20260303.78225+ds-4 Severity: important Tags: upstream
Dear Maintainer, TL 2026 introduced a new tool called xdvipsk. That tool introduces a local copy of libjpeg & libtiff, which had few security issues in the past. We should therefore avoid linking statically with these libs, instead use the libs, which are anyway on the system. I've reported that request already at upstream [1], they said they have a patch for this; we "just" have to implement it. Hilmar [1] https://github.com/vtex-soft/xdvipsk/issues/18 -- System Information: Debian Release: 13.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: arm64 (aarch64) Foreign Architectures: armhf Kernel: Linux 6.18.29+rpt-rpi-2712 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system)
signature.asc
Description: PGP signature
