Your message dated Sun, 04 Feb 2018 13:38:14 +0000
with message-id <e1eikuo-000b8t...@fasolo.debian.org>
and subject line Bug#884136: fixed in lilypond 2.19.81-1~exp1
has caused the Debian Bug report #884136,
regarding lilypond: CVE-2017-17523
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
884136: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884136
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: lilypond
Version: 2.18.2-4
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for lilypond.

For a description of the issue see [1], in the "Similar
vulnerabilities in other packages" section.

CVE-2017-17523[0]:
| lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings
| before launching the program specified by the BROWSER environment
| variable, which allows remote attackers to conduct argument-injection
| attacks via a crafted URL, as demonstrated by a --proxy-pac-file
| argument.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17523
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17523
[1] https://bugs.debian.org/881767

Regards,
Salvatore

--- End Message ---
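
The CVE text quoted in the report above describes a string reaching the BROWSER command line without validation. The following is an added illustration in Python, not LilyPond's code and not the upstream fix; the function names, the allowed-scheme set and the sample string are assumptions constructed for this example. It contrasts how a concatenated command string is tokenized with an argv list that keeps a validated URL as a single element.

```python
import shlex
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "file"}  # assumption: schemes the launcher should open

# Constructed sample: a "URL" carrying whitespace and a second, option-like token.
CRAFTED = "http://example.org/score.html --proxy-pac-file=PLACEHOLDER"


def naive_argv(browser, url):
    """Tokens a shell-style launcher sees when it runs the string 'BROWSER URL'."""
    return shlex.split(f"{browser} {url}")


def validate_url(url):
    """Return url unchanged if it is safe to hand over as one argument, else raise."""
    if not url or url.startswith("-"):
        raise ValueError("empty or option-like string")
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("whitespace or control character in URL")
    if urlsplit(url).scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed")
    return url


def safe_argv(browser, url):
    """Build an argv list: BROWSER is split once, the URL stays a single element."""
    argv = shlex.split(browser)  # local, user-set value; may carry fixed options
    if not argv:
        raise ValueError("BROWSER is empty")
    argv.append(validate_url(url))
    return argv  # intended for subprocess.run(argv), i.e. no shell re-parsing


if __name__ == "__main__":
    print(naive_argv("firefox", CRAFTED))   # three tokens: the URL was split
    print(safe_argv("firefox", "https://example.org/score.html"))
```
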
--- Begin Message ---
Source: lilypond
Source-Version: 2.19.81-1~exp1

We believe that the bug you reported is fixed in the latest version of
lilypond, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 884...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dr. Tobias Quathamer <to...@debian.org> (supplier of updated lilypond package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 04 Feb 2018 13:31:46 +0100
Source: lilypond
Binary: lilypond lilypond-data lilypond-doc lilypond-doc-pdf lilypond-doc-html 
lilypond-doc-html-ca lilypond-doc-html-cs lilypond-doc-html-de 
lilypond-doc-html-es lilypond-doc-html-fr lilypond-doc-html-hu 
lilypond-doc-html-it lilypond-doc-html-ja lilypond-doc-html-nl 
lilypond-doc-html-zh lilypond-doc-pdf-ca lilypond-doc-pdf-de 
lilypond-doc-pdf-es lilypond-doc-pdf-fr lilypond-doc-pdf-hu lilypond-doc-pdf-it 
lilypond-doc-pdf-nl
Architecture: source all amd64
Version: 2.19.81-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Don Armstrong <d...@debian.org>
Changed-By: Dr. Tobias Quathamer <to...@debian.org>
Description:
 lilypond   - program for typesetting sheet music
 lilypond-data - LilyPond music typesetter (data files)
 lilypond-doc - LilyPond Documentation in info format (and metapackage)
 lilypond-doc-html - LilyPond HTML Documentation
 lilypond-doc-html-ca - LilyPond HTML Documentation in Catalan
 lilypond-doc-html-cs - LilyPond HTML Documentation in Czech
 lilypond-doc-html-de - LilyPond HTML Documentation in German
 lilypond-doc-html-es - LilyPond HTML Documentation in Spanish
 lilypond-doc-html-fr - LilyPond HTML Documentation in French
 lilypond-doc-html-hu - LilyPond HTML Documentation in Hungarian
 lilypond-doc-html-it - LilyPond HTML Documentation in Italian
 lilypond-doc-html-ja - LilyPond HTML Documentation in Japanese
 lilypond-doc-html-nl - LilyPond HTML Documentation in Dutch
 lilypond-doc-html-zh - LilyPond HTML Documentation in Chinese
 lilypond-doc-pdf - LilyPond PDF Documentation
 lilypond-doc-pdf-ca - LilyPond PDF Documentation in Catalan
 lilypond-doc-pdf-de - LilyPond PDF Documentation in German
 lilypond-doc-pdf-es - LilyPond PDF Documentation in Spanish
 lilypond-doc-pdf-fr - LilyPond PDF Documentation in French
 lilypond-doc-pdf-hu - LilyPond PDF Documentation in Hungarian
 lilypond-doc-pdf-it - LilyPond PDF Documentation in Italian
 lilypond-doc-pdf-nl - LilyPond PDF Documentation in Dutch
Closes: 884136
Changes:
 lilypond (2.19.81-1~exp1) experimental; urgency=medium
 .
   * New upstream version 2.19.81
   * Fix argument injection in lilypond-invoke-editor, CVE-2017-17523.
     This is a cherry-pick of upstream's fix, see
     https://sourceforge.net/p/testlilyissues/issues/5243/ (Closes: #884136)
   * Update Standards-Version to 4.1.3, no changes needed
   * Update d/copyright
   * Switch Vcs-URLs to salsa.d.o and add default branch for git

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
