MGASA-2020-0414

Source
https://advisories.mageia.org/MGASA-2020-0414.html
Import Source
https://advisories.mageia.org/MGASA-2020-0414.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2020-0414
Related
Published
2020-11-13T21:20:36Z
Modified
2020-11-13T20:34:34Z
Summary
Updated lilypond package fixes a security vulnerability
Details

It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. (CVE-2020-17353)

References
Credits

Affected packages

Mageia:7 / lilypond

Package

Name
lilypond
Purl
pkg:rpm/mageia/lilypond?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.19.83-1.1.mga7

Ecosystem specific

{
    "section": "core"
}