LuaTeX vulnerability issue This issue affects TeX Live 2017–2022 and the original release of TeX Live 2023
Hello list
I'm not currently running the prepackaged TeXLive but thought of mentioning it after checking https://git.alpinelinux.org/aports/commit/community/texlive?id=e24d7c64eca0b98834fdd5cfacad0a6a0ce5f59a
Affected Configurations LuaTeX LuaTeX versions 1.04–1.16.1 are affected by this vulnerability.
LuaTeX versions 1.17.0 (2023-04-29) and newer are not affected by this vulnerability. LuaTeX versions prior to and including 1.03 (2017-02-16) are also not affected.
If you have an unversioned LuaTeX built from source, commit 4d8b815d introduced the issue on 2017-03-01, and commits 5650c067 and b8b71a25 resolved the issue on 2023-04-24.
This vulnerability affects all 4 LuaTeX engines: LuaTeX, LuaHBTeX, LuaJITTeX, and LuaJITHBTeX.
Distributions This issue affects TeX Live 2017–2022 and the original release of TeX Live 2023. Beginning on 2023-05-02, TeX Live 2023 distributed the latest version of LuaTeX that is not vulnerable to this issue.
This issue also affects MiKTeX 2.9.6300–23.4. On 2023-05-05, MiKTeX 23.5 distributed the latest version of LuaTeX that is not vulnerable to this issue.
Other unnamed distributions are also affected. To check if your specific installation is affected, check luatex --version or test the exploit code.
You can read more about it at