VYPR

rpm package

opensuse/lilypond&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/lilypond&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2020-17353Aug 5, 2020
    affected < 2.23.3-1.3fixed 2.23.3-1.3

    scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.

  • CVE-2018-10992CriMay 11, 2018
    affected < 2.23.3-1.3fixed 2.23.3-1.3

    lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument,