it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
- From: Kunal Mehta <legoktm AT debian.org>
- To: mediawiki-announce AT lists.wikimedia.org
- Subject: [IT-SecNots] [MediaWiki-announce] Extension:Score security advisory
- Date: Mon, 23 Aug 2021 11:14:50 -0700
- Archived-at: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/message/L4DN5HUECAGWV2UQARGKQ4J4NY6QMHHX/>
- List-archive: <https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce AT lists.wikimedia.org/>
- List-id: MediaWiki update and security announcements list <mediawiki-announce.lists.wikimedia.org>
Hi everyone,
In July 2020, vulnerabilities that allowed for remote code execution were discovered within the Score extension [0], which primarily uses LilyPond [1] to provide musical scores on-wiki. Further investigation found more vulnerabilities within LilyPond and firejail.
We are now publishing a security advisory for the Score extension with information about the discovered vulnerabilities and information regarding how to secure Score using Shellbox [3]. Please refer to that for information on how to set up the Score extension in a secure manner.
Thanks,
[0] https://www.mediawiki.org/wiki/Extension:Score
[1] https://lilypond.org/
[2] https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory