Updated lilypond package fixes a security vulnerability
Publication date: 13 Nov 2020Modification date: 13 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-17353
Description
It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. (CVE-2020-17353)
References
SRPMS
7/core
- lilypond-2.19.83-1.1.mga7