Your message dated Fri, 11 May 2018 20:48:14 +0000
with message-id <[email protected]>
and subject line Bug#884136: fixed in lilypond 2.19.81-1~exp2
has caused the Debian Bug report #884136,
regarding lilypond: CVE-2017-17523
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
884136: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884136
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lilypond
Version: 2.18.2-4
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for lilypond.
For a description of the issue see [1], in the "Similar
vulnerabilities in other packages" section.
CVE-2017-17523[0]:
| lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings
| before launching the program specified by the BROWSER environment
| variable, which allows remote attackers to conduct argument-injection
| attacks via a crafted URL, as demonstrated by a --proxy-pac-file
| argument.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-17523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17523
[1] https://bugs.debian.org/881767
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: lilypond
Source-Version: 2.19.81-1~exp2
We believe that the bug you reported is fixed in the latest version of
lilypond, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Don Armstrong <[email protected]> (supplier of updated lilypond package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 10 May 2018 17:24:03 -0700
Source: lilypond
Binary: lilypond lilypond-data lilypond-doc lilypond-doc-pdf lilypond-doc-html
lilypond-doc-html-ca lilypond-doc-html-cs lilypond-doc-html-de
lilypond-doc-html-es lilypond-doc-html-fr lilypond-doc-html-hu
lilypond-doc-html-it lilypond-doc-html-ja lilypond-doc-html-nl
lilypond-doc-html-zh lilypond-doc-pdf-ca lilypond-doc-pdf-de
lilypond-doc-pdf-es lilypond-doc-pdf-fr lilypond-doc-pdf-hu lilypond-doc-pdf-it
lilypond-doc-pdf-nl
Architecture: source all amd64
Version: 2.19.81-1~exp2
Distribution: unstable
Urgency: medium
Maintainer: Don Armstrong <[email protected]>
Changed-By: Don Armstrong <[email protected]>
Description:
lilypond - program for typesetting sheet music
lilypond-data - LilyPond music typesetter (data files)
lilypond-doc - LilyPond Documentation in info format (and metapackage)
lilypond-doc-html - LilyPond HTML Documentation
lilypond-doc-html-ca - LilyPond HTML Documentation in Catalan
lilypond-doc-html-cs - LilyPond HTML Documentation in Czech
lilypond-doc-html-de - LilyPond HTML Documentation in German
lilypond-doc-html-es - LilyPond HTML Documentation in Spanish
lilypond-doc-html-fr - LilyPond HTML Documentation in French
lilypond-doc-html-hu - LilyPond HTML Documentation in Hungarian
lilypond-doc-html-it - LilyPond HTML Documentation in Italian
lilypond-doc-html-ja - LilyPond HTML Documentation in Japanese
lilypond-doc-html-nl - LilyPond HTML Documentation in Dutch
lilypond-doc-html-zh - LilyPond HTML Documentation in Chinese
lilypond-doc-pdf - LilyPond PDF Documentation
lilypond-doc-pdf-ca - LilyPond PDF Documentation in Catalan
lilypond-doc-pdf-de - LilyPond PDF Documentation in German
lilypond-doc-pdf-es - LilyPond PDF Documentation in Spanish
lilypond-doc-pdf-fr - LilyPond PDF Documentation in French
lilypond-doc-pdf-hu - LilyPond PDF Documentation in Hungarian
lilypond-doc-pdf-it - LilyPond PDF Documentation in Italian
lilypond-doc-pdf-nl - LilyPond PDF Documentation in Dutch
Closes: 884136
Changes:
lilypond (2.19.81-1~exp2) unstable; urgency=medium
.
* Switch lilypond-invoke-editor to use system* instead of system to fix
CVE-2017-17523 for non textedit:// URIs. (Closes: #884136)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
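
Added example, not part of the thread above and not LilyPond's own code: a Python model of the change named in the changelog entry, contrasting a single command string handed to the shell (what Guile's `system` does) with an argument vector executed without a shell (what Guile's `system*` does). The stand-in child process, the unquoted concatenation in `launch_via_shell`, and the sample URLs are assumptions made for illustration.

```python
import json
import shlex
import subprocess
import sys

# Stand-in for the program named by $BROWSER (assumption): a child process
# that only reports the arguments it received, so no browser is started.
ARGV_ECHO = [sys.executable, "-c",
             "import json,sys; print(json.dumps(sys.argv[1:]))"]

# Constructed sample inputs; the option name is the one quoted in the CVE text.
BENIGN = "http://example.org/score.html"
CRAFTED = "http://example.org/ --proxy-pac-file=CONSTRUCTED"


def launch_via_shell(url):
    """Model of the pre-fix pattern: one command string run by /bin/sh.

    The URL is appended unquoted (assumed), so the shell word-splits it.
    """
    cmd = " ".join(shlex.quote(a) for a in ARGV_ECHO) + " " + url
    out = subprocess.run(cmd, shell=True, capture_output=True,
                         text=True, check=True)
    return json.loads(out.stdout)


def launch_via_argv(url):
    """Model of the post-fix pattern: argument vector, no shell involved.

    The URL reaches the child as exactly one argument, whatever it contains.
    """
    out = subprocess.run(ARGV_ECHO + [url], capture_output=True,
                         text=True, check=True)
    return json.loads(out.stdout)


def extra_arguments(url):
    """Arguments the child sees beyond the single URL it was meant to get."""
    return launch_via_shell(url)[1:]


if __name__ == "__main__":
    for sample in (BENIGN, CRAFTED):
        print("input      :", repr(sample))
        print("  via shell:", launch_via_shell(sample))
        print("  via argv :", launch_via_argv(sample))
```

For the crafted sample the shell variant delivers two arguments to the child, the second being an option, while the argv variant delivers the whole string as one URL argument.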