Univention Bugzilla – Bug 48177
libopenmpt: Multiple issues (4.3)
Last modified: 2018-11-21 15:21:29 CET
New Debian libopenmpt 0.2.7386~beta20.3-3+deb9u3 fixes:

This update addresses the following issue:

* soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops. (CVE-2018-10017)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libopenmpt_0.2.7386~beta20.3-3+deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/libopenmpt_0.2.7386~beta20.3-3+deb9u3.dsc @@ -1,3 +1,8 @@ +0.2.7386~beta20.3-3+deb9u3 [Thu, 12 Apr 2018 10:14:53 +0100] James Cowgill <jcowgill@debian.org>: + + * Add patch to fix CVE-2018-10017 (Closes: #895406). + - up11: Out-of-bounds read loading IT / MO3 files with many pattern loops. + 0.2.7386~beta20.3-3+deb9u2 [Sat, 15 Jul 2017 18:33:57 +0100] James Cowgill <jcowgill@debian.org>: * Add security patches (Closes: #867579). <http://10.200.17.11/4.3-2/#2482180262438557987>
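Review bot: The added 0.2.7386~beta20.3-3+deb9u3 changelog entry identifies the CVE-2018-10017 fix only by the short label "up11" and the Debian bug number, and this diff covers the changelog alone, so the code change itself cannot be checked from it. Consider naming the affected file (the advisory text above points at soundlib/Snd_fx.cpp) or the upstream fixed version (libopenmpt 0.3.8) in the entry, so the backport can be traced without unpacking the source package.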
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-2] c07b10359f Bug #48177: libopenmpt 0.2.7386~beta20.3-3+deb9u3
 doc/errata/staging/libopenmpt.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

[4.3-2] 2b83fae342 Bug #48177: libopenmpt 0.2.7386~beta20.3-3+deb9u3
 doc/errata/staging/libopenmpt.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.3/320.html>