Tags: security upstream
the following vulnerability was published for lilypond.
For a description of the issue see , in the "Similar
vulnerabilities in other packages" section.
| lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings
| before launching the program specified by the BROWSER environment
| variable, which allows remote attackers to conduct argument-injection
| attacks via a crafted URL, as demonstrated by a --proxy-pac-file
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
What prison taught me was that some people are born into a life where
they're going to be subjected to intense life experiences and personal
tragedy on an almost daily basis. [...] I don't think you get
enlightenment after something like that. I think all anyone really
wants, if they're honest with themselves, is a quiet, easy life
surrounded by people that love them. Anything else is a conceit.
-- OP from 99chan