Package: libmodplug
Version: 1:0.7-4 1:0.7-5
Severity: grave
Tags: security

CVE-2006-4192: "Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files."

I have confirmed the second vector but have not confirmed the first. The original advisory [1] includes proof-of-concept code [2] to generate sample ITP and AMF files; cmus (using libmodplug) crashed while playing the AMF file.

The advisory says that a fixed version is forthcoming; the website [3] has an update from 2006-08-10 saying that 0.8.2 is "soon to be released", but does not mention this issue.

I have not confirmed that this issue affects sarge, but the changelog between the version in sarge and the version in etch only mentions a transition rebuild; I fully expect sarge is vulnerable.

Please don't forget to mention the CVE in your changelog.

Thanks,
Alec

[1] http://aluigi.altervista.org/adv/mptho-adv.txt
[2] http://aluigi.org/poc/mptho.zip