13 matches found
OPENSUSE-SU-2020:1506-1 Security update for lilypond
This update for lilypond fixes the following issues: - CVE-2020-17353: When -dsafe is used, LilyPond lacks restrictions on embedded-ps and embedded-svg boo1174949. This update was imported from the openSUSE:Leap:15.2:Update update project...
Security update for lilypond (moderate)
openSUSE Security Update: Security update for lilypond Announcement ID: openSUSE-SU-2020:1506-1 Rating: moderate References: 1174949 Cross-References: CVE-2020-17353 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description: This update...
openSUSE Security Update : lilypond (openSUSE-2020-1453)
This update for lilypond fixes the following issues : - CVE-2020-17353: When -dsafe is used, LilyPond lacks restrictions on embedded-ps and embedded-svg boo1174949. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE: Security Advisory for lilypond (openSUSE-SU-2020:1453-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1453-1 Security update for lilypond
This update for lilypond fixes the following issues: - CVE-2020-17353: When -dsafe is used, LilyPond lacks restrictions on embedded-ps and embedded-svg boo1174949...
Security update for lilypond (moderate)
openSUSE Security Update: Security update for lilypond Announcement ID: openSUSE-SU-2020:1453-1 Rating: moderate References: 1174949 Cross-References: CVE-2020-17353 Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available...
Debian DSA-4756-1 : lilypond - security update
Faidon Liambotis discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. C Tenab...
[SECURITY] [DSA 4756-1] lilypond security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4756-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 29, 2020 https://www.debian.org/security/faq -...
Fedora 31 : lilypond (2020-7cd08d85ce)
Patch for CVE-2020-17353 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Securit...
UBUNTU-CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...
CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...
CVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...
CVE-2020-17353
CVE-2020-17353 affects LilyPond up to 2.20.0 and 2.21.x up to 2.21.4. When -dsafe is used, LilyPond does not restrict embedded-ps and embedded-svg, enabling execution of arbitrary PostScript/SVG content as demonstrated by vulnerable inputs. Publicly documented fixes across multiple distros includ...