Ubuntu Security Notice 1103-1 - Mathias Svensson discovered that the tex-common package contains an insecure shell_escape_commands configuration item. If a user or automated system were tricked into opening a specially crafted TeX file, a remote attacker could execute arbitrary code with user privileges.
83801b98f0404790171929036651a1a465deda4d36f504fa5bc2f7e78782519d
Debian Linux Security Advisory 2198-1 - Mathias Svensson discovered that tex-common, a package shipping a number of scripts and configuration files necessary for TeX, contains insecure settings for the "shell_escape_commands" directive. Depending on the scenario, this may result in arbitrary code execution when a victim is tricked into processing a malicious tex-file or this is done in an automated fashion.
564f9351c85c330d2c5bf614132230874365c687d2f1b6c2f240daa055e5eb34