Bug#622091: libmodplug ReadS3M stack overflow
Hi, * Remi Denis-Courmont [2011-04-10 09:36]: > An exploitable memory corruption vulnerability has been publicized > against libmodplug 0.8.8.1: > http://seclists.org/fulldisclosure/2011/Apr/113 > > Upstream version 0.8.8.2 fixes the issue. How important is this library for vlc and others from an end-user perspective? The code doesn't look like it was written with security in mind and I guess it's only a matter of time for new issues to popup for this lib. Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpyTd4g2phys.pgp Description: PGP signature
Bug#622091: libmodplug ReadS3M stack overflow
Package: libmodplug Version: 1:0.8.8.1-2 Severity: grave Tags: security upstream Justification: user security hole Hello, An exploitable memory corruption vulnerability has been publicized against libmodplug 0.8.8.1: http://seclists.org/fulldisclosure/2011/Apr/113 Upstream version 0.8.8.2 fixes the issue. Best regards, -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (100, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.38-2-686 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
