MGASA-2020-0414

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0414.html

Import Source

https://advisories.mageia.org/MGASA-2020-0414.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0414

Related

CVE-2020-17353

Published

2020-11-13T21:20:36Z

Modified

2020-11-13T20:34:34Z

Summary

Updated lilypond package fixes a security vulnerability

Details

It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. (CVE-2020-17353)

References

https://advisories.mageia.org/MGASA-2020-0414.html
https://bugs.mageia.org/show_bug.cgi?id=27174
https://www.debian.org/security/2020/dsa-4756
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0414

Affected packages