Oval Definition:	oval:com.ubuntu.bionic:def:201810992000
Revision Date: 2018-05-11 Version: 1 Title: CVE-2018-10992 on Ubuntu 18.04 LTS (bionic) - medium. Description: lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-10992 Platform(s): Ubuntu 18.04 LTS Product(s): Definition Synopsis Ubuntu 18.04 LTS (bionic) is installed. AND The vulnerability of the 'lilypond' package in bionic is not known (status: 'needs-triage'). It is pending evaluation.
BACK