Univention Bugzilla – Bug 51761
libopenmpt: Multiple issues (4.4)
Last modified: 2020-08-05 15:15:41 CEST
New Debian libopenmpt 0.2.7386~beta20.3-3+deb9u4 fixes:

This update addresses the following issue:

* In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow. (CVE-2019-17113)
--- mirror/ftp/4.3/unmaintained/4.3-3/source/libopenmpt_0.2.7386~beta20.3-3+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/libopenmpt_0.2.7386~beta20.3-3+deb9u4.dsc @@ -1,3 +1,8 @@ +0.2.7386~beta20.3-3+deb9u4 [Sun, 02 Aug 2020 02:09:47 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS Team. + * Add patch to fix buffer overflow. (Fixes: CVE-2019-17113) + 0.2.7386~beta20.3-3+deb9u3 [Thu, 12 Apr 2018 10:14:53 +0100] James Cowgill <jcowgill@debian.org>: * Add patch to fix CVE-2018-10017 (Closes: #895406). <http://10.200.17.11/4.4-5/#2482180262446135662>
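Review bot: The added deb9u4 changelog entry says only "Add patch to fix buffer overflow" and does not say where the overflow is. Naming the affected functions from the advisory text (ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c) and the patch file would let someone auditing the package match the entry to the code change. The entry also records "Fixes: CVE-2019-17113" without a bug number, whereas the deb9u3 entry below it uses "Closes: #895406", so this upload cannot be traced to a Debian bug report from the changelog alone.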
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] f26a6f952e Bug #51761: libopenmpt 0.2.7386~beta20.3-3+deb9u4
 doc/errata/staging/libopenmpt.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x693>