Bug#1070860: musescore3: CVE-2023-44428

2024-05-12 Thread Thorsten Glaser
Moritz Mühlenhoff said:
> On Fri, May 10, 2024 at 06:39:20PM + Thorsten Glaser wrote:
>> This is a bit like the limited security support for binutils,
>> I suppose. Could/should we document that in the same places?
>
> Sure thing, this sounds similar to what was done for Lilypond,

Ah, okay.

Bug#1070860: musescore3: CVE-2023-44428

2024-05-12 Thread Moritz Mühlenhoff
On Fri, May 10, 2024 at 06:39:20PM + Thorsten Glaser wrote:
> This is a bit like the limited security support for binutils,
> I suppose. Could/should we document that in the same places?

Sure thing, this sounds similar to what was done for Lilypond, best to simply ship a similar

Bug#1070860: musescore3: CVE-2023-44428

2024-05-10 Thread Thorsten Glaser
I said that…
> Huh. MuseScore (Studio) is a desktop application.

I’ll add a README.Debian note about that fact and that upstream has never considered crashes on invalid input a bug and that it hasn’t been designed as a remotely accessible service, but as a desktop application, and that users should

Bug#1070860: musescore3: CVE-2023-44428

2024-05-10 Thread Thorsten Glaser
Moritz Mühlenhoff said:
>| MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code
>| Execution Vulnerability. This vulnerability allows remote attackers

Huh. MuseScore (Studio) is a desktop application. I will have to investigate whether they mean indeed this or the musescore.com

Bug#1070860: musescore3: CVE-2023-44428

2024-05-10 Thread Moritz Mühlenhoff
Source: musescore3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for musescore3.

CVE-2023-44428[0]:
| MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows