[ubuntu/hardy-security] libmikmod (delayed), libmikmod 3.1.11-6ubuntu3.8.04.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Sep 29 16:03:40 BST 2010 

libmikmod (3.1.11-6ubuntu3.8.04.1) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via incorrect channel count
    - debian/patches/CVE-2007-6720.patch: use channel count of current
      song in playercode/mplayer.c.
    - CVE-2007-6720
  * SECURITY UPDATE: denial of service via XM file
    - debian/patches/CVE-2009-0179.patch: fix file format in
      loaders/load_xm.c, handle error in playercode/mloader.c.
    - CVE-2009-0179
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via Impulse Tracker and Ultratracker files
    - debian/patches/CVE-2009-3995f.patch: check number of channels in
      loaders/load_ult.c, check volpts in loaders/load_it.c.
    - CVE-2009-3995
    - CVE-2009-3996
  * SECURITY UPDATE: incomplete fix for CVE-2009-3995
    - debian/patches/CVE-2010-2546.patch: do further validations in
      loaders/load_it.c.
    - CVE-2010-2546
    - CVE-2010-2971

Date: Wed, 22 Sep 2010 10:03:36 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/libmikmod/3.1.11-6ubuntu3.8.04.1
-------------- next part --------------
Format: 1.7
Date: Wed, 22 Sep 2010 10:03:36 -0400
Source: libmikmod
Binary: libmikmod2-dev libmikmod2
Architecture: source
Version: 3.1.11-6ubuntu3.8.04.1
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmikmod2 - A portable sound library
 libmikmod2-dev - A portable sound library - development files
Changes: 
 libmikmod (3.1.11-6ubuntu3.8.04.1) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via incorrect channel count
     - debian/patches/CVE-2007-6720.patch: use channel count of current
       song in playercode/mplayer.c.
     - CVE-2007-6720
   * SECURITY UPDATE: denial of service via XM file
     - debian/patches/CVE-2009-0179.patch: fix file format in
       loaders/load_xm.c, handle error in playercode/mloader.c.
     - CVE-2009-0179
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via Impulse Tracker and Ultratracker files
     - debian/patches/CVE-2009-3995f.patch: check number of channels in
       loaders/load_ult.c, check volpts in loaders/load_it.c.
     - CVE-2009-3995
     - CVE-2009-3996
   * SECURITY UPDATE: incomplete fix for CVE-2009-3995
     - debian/patches/CVE-2010-2546.patch: do further validations in
       loaders/load_it.c.
     - CVE-2010-2546
     - CVE-2010-2971
Files: 
 9d56dccce0535ee3c48ca642da04705a 730 libs optional libmikmod_3.1.11-6ubuntu3.8.04.1.dsc
 88b89686ec91f5173c6dd8b80ce8e64e 339148 libs optional libmikmod_3.1.11-6ubuntu3.8.04.1.diff.gz
Original-Maintainer: Ingo Saitz <ingo at debian.org>

More information about the Hardy-changes mailing list