Security update for lilypond
This update for lilypond fixes the following issues:
- CVE-2018-10992: lilypond: Does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks (bsc#1093056)
- packages do not build reproducibly from unsorted input (bsc#1041090)
-
Submitted by
Dave Plater (plater)
Fixed bugs
bnc#1041090
trackerbug: packages do not build reproducibly from unsorted input
bnc#1093056
VUL-0: CVE-2018-10992: lilypond: Does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks
