openSUSE-SU-2022:0100-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0100-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:0100-1
- Related
- Published
- 2022-03-31T10:01:29Z
- Modified
- 2022-03-31T10:01:29Z
- Summary
- Security update for abcm2ps
- Details
-
This update for abcm2ps fixes the following issues:
Update to 8.14.13:
- fix: don't start/stop slurs above/below decorations
- fix: crash when too many notes in a grace note sequence (#102)
- fix: crash when too big value in M: (#103)
- fix: loop or crash when too big width of y (space) (#104)
- fix: bad font definition with SVG output when spaces in font name
- fix: bad check of note length again (#106)
- fix: handle %%staffscale at the global level (#108)
- fix: bad vertical offset of lyrics when mysic line starts with empty staves
Update to 8.14.12:
Fixes:
- crash when '%%break 1' and no measure bar in the tune
- crash when duplicated voice ending on %%staves with repeat variant
- crash when voice duplication with symbols without width
- crash or bad output when null value in %%scale
- problem when only bars in 2 voices followed %%staves of the second voice only
- crash when tuplet error in grace note sequence
- crash when grace note with empty tuplet
- crash when many broken rhythms after a single grace note
- access outside the deco array when error in U:
- crash when !xstem! with no note in the previous voice
- crash on tuplet without any note/rest
- crash when grace notes at end of line and voice overlay
- crash when !trem2! at start of a grace note sequence
- crash when wrong duration in 2 voice overlays and bad ties
- crash when accidental without a note at start of line after K: (CVE-2021-32435)
- array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436)
- loss of left margin after first page since previous commit
- no respect of %%leftmargin with -E or -g
- bad placement of chord symbols when in a music line with only invisible rests
Syntax:
- Accept and remove one or two '%'s at start of all %%beginxxx lines
Generation:
- Move the CSS from XHTML to SVG
Update to 8.14.11:
- fix: error ''staffwidth' too small' when generating sample3.abc
Update to 8.14.10:
- fix: bad glyph when defined by SVG containing 'v' in
- fix: bad check of note length since commit 191fa55
- fix: memory corruption when error in %%staves/%%score
- fix: crash when too big note duration
- fix: crash when staff width too small
Update to 8.14.9:
- fix: bad natural accidental when %%MIDI temperamentequal
Update to 8.14.8:
- fix: no respect the width in %%staffbreak
- fix: don't draw a staff when only %%staffbreak inside
- fix: bad repeat bracket when continued on next line, line starting by a bar
- fix: bad tuplet bracket again when at end of a voice overlay sequence
- fix: bad tuplet bracket when at end of a voice overlay sequence
- handle '%%MIDI temperamentequal '
- accept '^1' and '_1' as microtone accidentals
- References
Affected packages
SUSE:Package Hub 15 SP3 / abcm2ps
Package
- Name
- abcm2ps
- Purl
- pkg:rpm/suse/abcm2ps&distro=SUSE%20Package%20Hub%2015%20SP3