[ubuntu/karmic-security] libmikmod (delayed), libmikmod 3.1.11-6ubuntu4.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Sep 29 16:03:27 BST 2010


libmikmod (3.1.11-6ubuntu4.1) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service via incorrect channel count
    - debian/patches/CVE-2007-6720.patch: use channel count of current
      song in playercode/mplayer.c.
    - CVE-2007-6720
  * SECURITY UPDATE: denial of service via XM file
    - debian/patches/CVE-2009-0179.patch: fix file format in
      loaders/load_xm.c, handle error in playercode/mloader.c.
    - CVE-2009-0179
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via Impulse Tracker and Ultratracker files
    - debian/patches/CVE-2009-3995f.patch: check number of channels in
      loaders/load_ult.c, check volpts in loaders/load_it.c.
    - CVE-2009-3995
    - CVE-2009-3996
  * SECURITY UPDATE: incomplete fix for CVE-2009-3995
    - debian/patches/CVE-2010-2546.patch: do further validations in
      loaders/load_it.c.
    - CVE-2010-2546
    - CVE-2010-2971

Date: Wed, 22 Sep 2010 09:43:13 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/libmikmod/3.1.11-6ubuntu4.1
-------------- next part --------------
Format: 1.8
Date: Wed, 22 Sep 2010 09:43:13 -0400
Source: libmikmod
Binary: libmikmod2-dev libmikmod2
Architecture: source
Version: 3.1.11-6ubuntu4.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libmikmod2 - A portable sound library
 libmikmod2-dev - A portable sound library - development files
Changes: 
 libmikmod (3.1.11-6ubuntu4.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via incorrect channel count
     - debian/patches/CVE-2007-6720.patch: use channel count of current
       song in playercode/mplayer.c.
     - CVE-2007-6720
   * SECURITY UPDATE: denial of service via XM file
     - debian/patches/CVE-2009-0179.patch: fix file format in
       loaders/load_xm.c, handle error in playercode/mloader.c.
     - CVE-2009-0179
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via Impulse Tracker and Ultratracker files
     - debian/patches/CVE-2009-3995f.patch: check number of channels in
       loaders/load_ult.c, check volpts in loaders/load_it.c.
     - CVE-2009-3995
     - CVE-2009-3996
   * SECURITY UPDATE: incomplete fix for CVE-2009-3995
     - debian/patches/CVE-2010-2546.patch: do further validations in
       loaders/load_it.c.
     - CVE-2010-2546
     - CVE-2010-2971
Checksums-Sha1: 
 1f5820594efac295dab9261af4e121c4a2840a5d 1130 libmikmod_3.1.11-6ubuntu4.1.dsc
 d6b4e978ac8bc6f62e2c7e1fac5846a3b41e6887 338972 libmikmod_3.1.11-6ubuntu4.1.diff.gz
Checksums-Sha256: 
 8c00c1a27ec1939e602657a6d5b6256b4bfdce35905c02ffebbe90c4c7bea4fd 1130 libmikmod_3.1.11-6ubuntu4.1.dsc
 00072a344c6a1930e036cef41b8b9009d6ac024775654b14fac74ac52b36e54f 338972 libmikmod_3.1.11-6ubuntu4.1.diff.gz
Files: 
 1feb8d8fcb433337e8ddad65e2076e4a 1130 libs optional libmikmod_3.1.11-6ubuntu4.1.dsc
 b044cd4c0262d4d38fc94de90fb520d4 338972 libs optional libmikmod_3.1.11-6ubuntu4.1.diff.gz
Original-Maintainer: Ingo Saitz <ingo at debian.org>


More information about the Karmic-changes mailing list