{"id":"MGASA-2020-0414","summary":"Updated lilypond package fixes a security vulnerability","details":"It was discovered that Lilypond, a program for typesetting sheet music, did\nnot restrict the inclusion of Postscript and SVG commands when operating in\nsafe mode, which could result in the execution of arbitrary code when rendering\na typesheet file with embedded Postscript code.\n(CVE-2020-17353)\n","modified":"2026-04-16T00:08:55.043305140Z","published":"2020-11-13T21:20:36Z","upstream":["CVE-2020-17353"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0414.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27174"},{"type":"WEB","url":"https://www.debian.org/security/2020/dsa-4756"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QG2JUV4UTIA27JUE6IZLCEFP5PYSFPF4/"}],"affected":[{"package":{"name":"lilypond","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/lilypond?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19.83-1.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0414.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}