-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4756-1
security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 29, 2020
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : lilypond
CVE ID : CVE-2020-17353
Faidon Liambotis discovered that Lilypond, a program for typesetting
sheet music, did not restrict the inclusion of Postscript and SVG
commands when operating in safe mode, which could result in the
execution of arbitrary code when rendering a typesheet file with
embedded Postscript code.
For the stable distribution (buster), this problem has been fixed in
version 2.19.81+really-2.18.2-13+deb10u1.
We recommend that you upgrade your lilypond packages.
For the detailed security status of lilypond please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lilypond
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkNAACgkQEMKTtsN8 TjZpuQ//Xh9/Lsc/+M8vfyad+dqE4xo+fC2DGbY+AOsHExOcRfb8GJiBWSZxYger /gm/04GDAhwmNIpFEImC+rFHFfRpSemwLtWaie6dfngtjgRMehS2j2FSasQ4gUF9 ldfGbjV9Cow55801nXeOaG0RZZCkrdOopqVRjxxzOFNESW/J9GFZLNaV6IOrK5JO 5dzZKr2+9CZwx0kXlsqU7LZ2beyj/JgXKzP2vulwxnqrDRz6CU3sG3Jg0dFQbZym DIpcgYdUf1PgpRSnNyQEyePuwr+PgGRdgZIvnUPMNJ+cVi4M2qW6rcBLtQsHwkoq kTVtNmiqNXEStv4tKovLVVIgVOA4D5Shg5uBTkRe5NPz+pWlCHplBsJa5SvCLrf4 AFMg9KRlVElmZsK7+T6v0Y9QIayec8D+F5nkgz2D1e7JM+WbIjv0xaz3Uc754cHf GLUqPldf0SzWoJ1QEtlfr5O+4Pp6TIx0iS0FJC8zRdbhi+ZAwAD0Ba7qCl1jeHDi MOIgY/MqQExUwhz5aEJU8/rTRey6FhXq8ekmKzk/aPKyZo4d9lyJxLS8Byrh+MQo /YIp7aVWjpXGYjFRENk1hn7gZ3eha60vDaqA2heFMYa6UAGJ4B4Gf/FWr9frIrJ/ De0GqQoBoEKSuMkCaJZ/ABZwRcilCzpuvbcc7aU/rKladPpH3XA=
=cgrt
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)