Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4756-1] lilypond security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4756-1] lilypond security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4756-1] lilypond security update
  • Date: Sat, 29 Aug 2020 17:38:52 +0000
  • List-archive: https://lists.debian.org/msgid-search/20200829173852.GA12113 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=vOKp8ZHh1cutvzw0InbF8h3d1JZ/GOLzRwdY6zTfQ2o=; b=gA aX1v/CMT916EUlW+BnH0niotXShUWtF/xyH233lZRAf3igAy28p+gZuITDhAgF7OCs5lnbIZDkOzC 79N/eNs87Y/hnfug3ibi8rqHiU/1IKPBzhKz0N7sp0rNPiQEMit9IBv9PwYH3mG1wtOBiZsnA+lQ1 teB301qcbZsypLIEPtB4d9+QlWROfvp5Flg5xrcg/eBZTItg48abSJOerqWpssBYVUnCBjiRwCJRj 3YFpdGni8pxfiVX3ExF1Gq4srcTThvHelV5I4cruaBwKVG9fokHuJDfQx90VcRbNg/UxHsck+UPBD c3gQFK9uAt1u17rqf4WRmff3dpD77SVQ==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 29 Aug 2020 17:39:13 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <egDdK2Pg7cM.A.-uF.BLpSfB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4756-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 29, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : lilypond
CVE ID : CVE-2020-17353

Faidon Liambotis discovered that Lilypond, a program for typesetting
sheet music, did not restrict the inclusion of Postscript and SVG
commands when operating in safe mode, which could result in the
execution of arbitrary code when rendering a typesheet file with
embedded Postscript code.

For the stable distribution (buster), this problem has been fixed in
version 2.19.81+really-2.18.2-13+deb10u1.

We recommend that you upgrade your lilypond packages.

For the detailed security status of lilypond please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lilypond

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9KkNAACgkQEMKTtsN8
TjZpuQ//Xh9/Lsc/+M8vfyad+dqE4xo+fC2DGbY+AOsHExOcRfb8GJiBWSZxYger
/gm/04GDAhwmNIpFEImC+rFHFfRpSemwLtWaie6dfngtjgRMehS2j2FSasQ4gUF9
ldfGbjV9Cow55801nXeOaG0RZZCkrdOopqVRjxxzOFNESW/J9GFZLNaV6IOrK5JO
5dzZKr2+9CZwx0kXlsqU7LZ2beyj/JgXKzP2vulwxnqrDRz6CU3sG3Jg0dFQbZym
DIpcgYdUf1PgpRSnNyQEyePuwr+PgGRdgZIvnUPMNJ+cVi4M2qW6rcBLtQsHwkoq
kTVtNmiqNXEStv4tKovLVVIgVOA4D5Shg5uBTkRe5NPz+pWlCHplBsJa5SvCLrf4
AFMg9KRlVElmZsK7+T6v0Y9QIayec8D+F5nkgz2D1e7JM+WbIjv0xaz3Uc754cHf
GLUqPldf0SzWoJ1QEtlfr5O+4Pp6TIx0iS0FJC8zRdbhi+ZAwAD0Ba7qCl1jeHDi
MOIgY/MqQExUwhz5aEJU8/rTRey6FhXq8ekmKzk/aPKyZo4d9lyJxLS8Byrh+MQo
/YIp7aVWjpXGYjFRENk1hn7gZ3eha60vDaqA2heFMYa6UAGJ4B4Gf/FWr9frIrJ/
De0GqQoBoEKSuMkCaJZ/ABZwRcilCzpuvbcc7aU/rKladPpH3XA=
=cgrt
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4756-1] lilypond security update, Moritz Muehlenhoff, 29.08.2020

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang