Lucene search

K
suseSuseOPENSUSE-SU-2022:0100-1
HistoryMar 31, 2022 - 12:00 a.m.

Security update for abcm2ps (moderate)

2022-03-3100:00:00
lists.opensuse.org
14

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

An update that fixes three vulnerabilities is now available.

Description:

This update for abcm2ps fixes the following issues:

Update to 8.14.13:

  • fix: don’t start/stop slurs above/below decorations
  • fix: crash when too many notes in a grace note sequence (#102)
  • fix: crash when too big value in M: (#103)
  • fix: loop or crash when too big width of y (space) (#104)
  • fix: bad font definition with SVG output when spaces in font name
  • fix: bad check of note length again (#106)
  • fix: handle %%staffscale at the global level (#108)
  • fix: bad vertical offset of lyrics when mysic line starts with empty
    staves

Update to 8.14.12:

Fixes:

  • crash when “%%break 1” and no measure bar in the tune
  • crash when duplicated voice ending on %%staves with repeat variant
  • crash when voice duplication with symbols without width
  • crash or bad output when null value in %%scale
  • problem when only bars in 2 voices followed %%staves of the second voice
    only
  • crash when tuplet error in grace note sequence
  • crash when grace note with empty tuplet
  • crash when many broken rhythms after a single grace note
  • access outside the deco array when error in U:
  • crash when !xstem! with no note in the previous voice
  • crash on tuplet without any note/rest
  • crash when grace notes at end of line and voice overlay
  • crash when !trem2! at start of a grace note sequence
  • crash when wrong duration in 2 voice overlays and bad ties
  • crash when accidental without a note at start of line after K:
    (CVE-2021-32435)
  • array overflow when wrong duration in voice overlay (CVE-2021-32434,
    CVE-2021-32436)
  • loss of left margin after first page since previous commit
  • no respect of %%leftmargin with -E or -g
  • bad placement of chord symbols when in a music line with only invisible
    rests

Syntax:

  • Accept and remove one or two '%'s at start of all %%beginxxx lines

Generation:

  • Move the CSS from XHTML to SVG

Update to 8.14.11:

  • fix: error “‘staffwidth’ too small” when generating sample3.abc

Update to 8.14.10:

  • fix: bad glyph when defined by SVG containing ‘v’ in
  • fix: bad check of note length since commit 191fa55
  • fix: memory corruption when error in %%staves/%%score
  • fix: crash when too big note duration
  • fix: crash when staff width too small

Update to 8.14.9:

  • fix: bad natural accidental when %%MIDI temperamentequal

Update to 8.14.8:

  • fix: no respect the width in %%staffbreak
  • fix: don’t draw a staff when only %%staffbreak inside
  • fix: bad repeat bracket when continued on next line, line starting by a
    bar
  • fix: bad tuplet bracket again when at end of a voice overlay sequence
  • fix: bad tuplet bracket when at end of a voice overlay sequence
  • handle '%%MIDI temperamentequal ’
  • accept ‘^1’ and ‘_1’ as microtone accidentals

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-100=1

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

Related for OPENSUSE-SU-2022:0100-1