This update for texlive fixes the following issue:
- CVE-2018-17407: Prevent buffer overflow when handling of Type 1 fonts
allowed arbitrary code execution when a malicious font was loaded by one
of the vulnerable tools: pdflatex, pdftex, dvips, or luatex (bsc#1109673)