Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 32: FEDORA-2020-a820f2b735 moderate: abcm2ps buffer overflow

fedora
Calendar Grey May 20, 2020
Dist Fedora Esm H88
The latest update for Fedora 32 resolves several security vulnerabilities, notably buffer overflow concerns found in the abcm2ps package.
New upstream release with fixes for CVEs and other enhancements.

Summary

Abcm2ps is a package which converts music tunes from ABC format to

Postscript. Based on abc2ps version 1.2.5, it was developed mainly to

print Baroque organ scores which have independent voices played on one

or many keyboards and a pedal-board. Abcm2ps introduces many

extensions to the ABC language that make it suitable for classical

music.

New upstream release with fixes for CVEs and other enhancements.

* Tue May 12 2020 Stuart Gathman - 8.14.7-2

- Move sample ABC output to subpackage

* Tue May 12 2020 Stuart Gathman - 8.14.7-1

- New upstream release

* Wed Apr 29 2020 Filipe Rosset - 7.8.14-11

- Fix FTBFS

* Tue Jan 28 2020 Fedora Release Engineering - 7.8.14-10

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

[ 1 ] Bug #1063718 - abcm2ps-8.14.7 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1063718

[ 2 ] Bug #1576118 - CVE-2018-10753 abcm2ps: stack based buffer overflow in the delayed_output function in music.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1576118

[ 3 ] Bug #1576641 - CVE-2018-10771 abcm2ps: Stack-based buffer overflow in parse.c:get_key() allows for denial of service [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1576641

[ 4 ] Bug #1799137 - abcm2ps: FTBFS in Fedora rawhide/f32

https://bugzilla.redhat.com/show_bug.cgi?id=1799137

su -c 'dnf upgrade --advisory FEDORA-2020-a820f2b735' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory moderate buffer overflow software update Fedora enhancements abcm2ps

Change Log

References

Update Instructions

Product: Fedora 32
Version: 8.14.7
Release: 2.fc32
URL: http://moinejf.free.fr
Summary: A program to typeset ABC tunes into Postscript

Topics%20covered

Topics Covered

security advisory moderate buffer overflow software update Fedora enhancements abcm2ps

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here