ZMOG test wiki (master branch)
Tim paste: Difference between revisions

Tim paste: Difference between revisions

From ZMOG test wiki (master branch)
Line 57: Line 57:
== CVE-2020-17354 ==
== CVE-2020-17354 ==


See [https://phabricator.wikimedia.org/T259210 T259210]
See [https://phabricator.wikimedia.org/T259210 T259210]; unable to reproduce with LilyPond 2.23.82, MediaWiki REL1_39, Score on master.


1. PoC from task:<score>
1. PoC from task:<score>

Revision as of 01:34, 20 January 2023

Normal

Unable to obtain LilyPond version: 

/bin/bash: line 1: /usr/local/bin/lilypond: No such file or directory

Multipage

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.

Raw

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.

Starling

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.

Rest

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.

ABC

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.

CVE-2020-17354

See T259210; unable to reproduce with LilyPond 2.23.82, MediaWiki REL1_39, Score on master.

1. PoC from task:

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.

2. Again, using raw=1:

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.

3. Notehead stencil hack PoC, contributed in comment from LilyPond developer Han-wen Nienhuys:

Could not execute LilyPond: /usr/local/bin/lilypond is not an executable file. Make sure $wgScoreLilyPond is set correctly.
Retrieved from "http://mw-master.test.jon.geek.nz/w/index.php?title=Tim_paste&oldid=35"