MGASA-2020-0414

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0414.html

Import Source

https://advisories.mageia.org/MGASA-2020-0414.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0414

Related

CVE-2020-17353

Published

2020-11-13T21:20:36Z

Modified

2020-11-13T20:34:34Z

Summary

Updated lilypond package fixes a security vulnerability

Details

It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. (CVE-2020-17353)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / lilypond

Package

Name: lilypond
Purl: pkg:rpm/mageia/lilypond?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.19.83-1.1.mga7

Ecosystem specific

{
    "section": "core"
}