Comment 8 for bug 2047912

I have marked this bug as public because the public domain already contains information about this TeX Live issue (as seen in the GitHub issue and upstream changelog).

@dongzhuo, could you please contact the upstream (either in the existing PR or via their mailing list) to confirm that they (1) recognize this issue as a vulnerability impacting the security of their software (and not just a functional bug), and (2) do not have any other CVE ID assignment process already established? The latter is important because some projects prefer contacting MITRE for the assignment.