Launchpad.net

CVE 2016-10243

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

See the CVE page on Mitre.org for more details.