{"affected":[{"ecosystem_specific":{"binaries":[{"abcm2ps":"8.14.13-bp153.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"abcm2ps","purl":"pkg:rpm/suse/abcm2ps&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.14.13-bp153.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"abcm2ps":"8.14.13-bp153.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"abcm2ps","purl":"pkg:rpm/opensuse/abcm2ps&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.14.13-bp153.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for abcm2ps fixes the following issues:\n\nUpdate to 8.14.13:\n\n* fix: don't start/stop slurs above/below decorations\n* fix: crash when too many notes in a grace note sequence (#102)\n* fix: crash when too big value in M: (#103)\n* fix: loop or crash when too big width of y (space) (#104)\n* fix: bad font definition with SVG output when spaces in font name\n* fix: bad check of note length again (#106)\n* fix: handle %%staffscale at the global level (#108)\n* fix: bad vertical offset of lyrics when mysic line starts with empty staves\n\nUpdate to 8.14.12:\n\nFixes:\n\n* crash when '%%break 1' and no measure bar in the tune\n* crash when duplicated voice ending on %%staves with repeat variant\n* crash when voice duplication with symbols without width\n* crash or bad output when null value in %%scale\n* problem when only bars in 2 voices followed %%staves of the second voice only\n* crash when tuplet error in grace note sequence\n* crash when grace note with empty tuplet\n* crash when many broken rhythms after a single grace note\n* access outside the deco array when error in U:\n* crash when !xstem! with no note in the previous voice\n* crash on tuplet without any note/rest\n* crash when grace notes at end of line and voice overlay\n* crash when !trem2! at start of a grace note sequence\n* crash when wrong duration in 2 voice overlays and bad ties\n* crash when accidental without a note at start of line after K: (CVE-2021-32435)\n* array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436)\n* loss of left margin after first page since previous commit\n* no respect of %%leftmargin with -E or -g\n* bad placement of chord symbols when in a music line with only invisible rests\n\nSyntax:\n\n* Accept and remove one or two '%'s at start of all %%beginxxx lines\n\nGeneration:\n\n* Move the CSS from XHTML to SVG\n\nUpdate to 8.14.11:\n\n* fix: error ''staffwidth' too small' when generating sample3.abc\n\nUpdate to 8.14.10:\n\n* fix: bad glyph when defined by SVG containing 'v' in\n* fix: bad check of note length since commit 191fa55\n* fix: memory corruption when error in %%staves/%%score\n* fix: crash when too big note duration\n* fix: crash when staff width too small\n\nUpdate to 8.14.9:\n\n* fix: bad natural accidental when %%MIDI temperamentequal\n\nUpdate to 8.14.8:\n\n* fix: no respect the width in %%staffbreak\n* fix: don't draw a staff when only %%staffbreak inside\n* fix: bad repeat bracket when continued on next line, line starting by a bar\n* fix: bad tuplet bracket again when at end of a voice overlay sequence\n* fix: bad tuplet bracket when at end of a voice overlay sequence\n* handle '%%MIDI temperamentequal '\n* accept '^1' and '_1' as microtone accidentals\n","id":"openSUSE-SU-2022:0100-1","modified":"2022-03-31T10:01:29Z","published":"2022-03-31T10:01:29Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ECLDK4M5WWVFFEXTUWXNEHKC3U2NNPCQ/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197355"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32434"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32435"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32436"}],"related":["CVE-2021-32434","CVE-2021-32435","CVE-2021-32436"],"summary":"Security update for abcm2ps","upstream":["CVE-2021-32434","CVE-2021-32435","CVE-2021-32436"]}