SUSE Package Hub - openSUSE-2023-137

Update Info

openSUSE-2023-137

Security update for guile1, lilypond

Type: security

Severity: important

Issued: 2023-06-27

Description:

This update for guile1, lilypond fixes the following issues:

guile1:

- Add service file to download release from git excluding the
  directory with commercial non free files.
- Update to version 2.2.6 to enable lilypond to be updated to 
  2.24.1 to fix boo#1210502 and CVE-2020-17354.

lilypond:

- Update to version lilypond-2.24.1 to fix boo#1210502 -
  CVE-2020-17354: lilypond: Lilypond allows attackers to bypass 
  the -dsafe protection mechanism.

References

CVE: CVE-2020-17354
CVE: CVE-2016-8605
Bugzilla: 1210502 VUL-0: CVE-2020-17354: lilypond: Lilypond allows attackers to bypass the -dsafe protection mechanism

Packages

guile1-2.2.6-bp154.3.3.1

lilypond-2.24.1-bp154.2.3.2