Description
Security update for lilypond
This update for lilypond fixes the following issues:
- CVE-2020-17353: When -dsafe is used, LilyPond lacks restrictions on embedded-ps and embedded-svg (boo#1174949).
Package list
SUSE Package Hub 15 SP2
lilypond-2.20.0-bp152.2.5.6
lilypond-doc-2.20.0-lp152.2.5.10
lilypond-doc-cs-2.20.0-lp152.2.5.10
lilypond-doc-de-2.20.0-lp152.2.5.10
lilypond-doc-es-2.20.0-lp152.2.5.10
lilypond-doc-fr-2.20.0-lp152.2.5.10
lilypond-doc-hu-2.20.0-lp152.2.5.10
lilypond-doc-it-2.20.0-lp152.2.5.10
lilypond-doc-ja-2.20.0-lp152.2.5.10
lilypond-doc-nl-2.20.0-lp152.2.5.10
lilypond-doc-zh-2.20.0-lp152.2.5.10
lilypond-emmentaler-fonts-2.20.0-bp152.2.5.6
lilypond-fonts-common-2.20.0-bp152.2.5.6
lilypond-texgy-fonts-2.20.0-bp152.2.5.6
openSUSE Leap 15.2
lilypond-2.20.0-bp152.2.5.6
lilypond-doc-2.20.0-lp152.2.5.10
lilypond-doc-cs-2.20.0-lp152.2.5.10
lilypond-doc-de-2.20.0-lp152.2.5.10
lilypond-doc-es-2.20.0-lp152.2.5.10
lilypond-doc-fr-2.20.0-lp152.2.5.10
lilypond-doc-hu-2.20.0-lp152.2.5.10
lilypond-doc-it-2.20.0-lp152.2.5.10
lilypond-doc-ja-2.20.0-lp152.2.5.10
lilypond-doc-nl-2.20.0-lp152.2.5.10
lilypond-doc-zh-2.20.0-lp152.2.5.10
lilypond-emmentaler-fonts-2.20.0-bp152.2.5.6
lilypond-fonts-common-2.20.0-bp152.2.5.6
lilypond-texgy-fonts-2.20.0-bp152.2.5.6
References
- E-Mail link for openSUSE-SU-2020:1453-1
- SUSE Security Ratings
- SUSE Bug 1174949
- SUSE CVE CVE-2020-17353 page
Description
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
Affected products
SUSE Package Hub 15 SP2:lilypond-2.20.0-bp152.2.5.6
SUSE Package Hub 15 SP2:lilypond-doc-2.20.0-lp152.2.5.10
SUSE Package Hub 15 SP2:lilypond-doc-cs-2.20.0-lp152.2.5.10
SUSE Package Hub 15 SP2:lilypond-doc-de-2.20.0-lp152.2.5.10
References
- CVE-2020-17353
- SUSE Bug 1174949