Package: libmodplug
Version: 1:0.8.4-5
Severity: serious
Tags: security patch

Hi,

The following SA (Secunia Advisory) id was published for libmodplug:

SA34927[1]

> DESCRIPTION:
> A vulnerability has been reported in libmodplug, which can be
> exploited by malicious people to cause a DoS (Denial of Service) and
> potentially compromise an application using the library.
> 
> A boundary error exists within the "PATinst()" function in
> src/load_pat.c. This can be exploited to cause a buffer overflow by
> e.g. tricking a victim into opening a specially crafted file in an
> application using the library.
> 
> SOLUTION:
> Update to version 0.8.7.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Manfred Tremmel and Stanislav Brabec
> 
> ORIGINAL ADVISORY:
> http://sourceforge.net/tracker/?func=detail&aid=2777467&group_id=1275&atid=301275

You can find the trivial patch[2] in the upstream CVS repository.

If you fix the vulnerability, please also make sure to include the CVE id
(if it will be available) in the changelog entry.

[1]http://secunia.com/advisories/34927
[2]http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_pat.cpp?r1=1.3&r2=1.4

Cheers,
Giuseppe.


