Package: libmodplug
Version: 1:0.8.4-5
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libmodplug:

CVE-2009-1438[1]
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow.

Patch:[2]

If you fix the vulnerability please also make sure to include the
CVE id in the changelog entry.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438
[2] http://modplug-xmms.cvs.sourceforge.net/viewvc/modplug-xmms/libmodplug/src/load_med.cpp?r1=1.1&r2=1.3&view=patch

Cheers,
Giuseppe.
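
The bug class named in the CVE text, as an added example that is not libmodplug's code and is not taken from the referenced patch: a 32-bit length field read from an untrusted file is validated against the file size before it is used in a `len + 1` allocation and copy. The helper `copy_text_field`, the (offset, length) header layout and both sample buffers are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: 8-byte header (offset, length), then the text. */
static const uint8_t SAMPLE_OK[]   = {0,0,0,8, 0,0,0,5, 'h','e','l','l','o'};
static const uint8_t SAMPLE_WRAP[] = {0,0,0,8, 0xFF,0xFF,0xFF,0xFF, 'h','e','l','l','o'};

/* Read a big-endian 32-bit value; the caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/*
 * Hypothetical helper: returns a NUL-terminated heap copy of the text field
 * described by the (offset, length) pair at hdr_off, or NULL if malformed.
 * Unchecked pattern it replaces, with a 32-bit len taken from the file:
 *     char *s = malloc(len + 1);      // len = 0xFFFFFFFF wraps to malloc(0)
 *     memcpy(s, file + off, len);     // writes far past the allocation
 */
char *copy_text_field(const uint8_t *file, size_t file_len, size_t hdr_off)
{
    if (file == NULL || file_len < 8 || hdr_off > file_len - 8)
        return NULL;                    /* the header pair itself must fit */

    size_t off = be32(file + hdr_off);
    size_t len = be32(file + hdr_off + 4);

    /* Subtraction form: never computes off + len, which could wrap.
     * len == SIZE_MAX is rejected so len + 1 cannot wrap on 32-bit size_t. */
    if (off > file_len || len > file_len - off || len == SIZE_MAX)
        return NULL;
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, file + off, len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    char *ok = copy_text_field(SAMPLE_OK, sizeof SAMPLE_OK, 0);
    char *bad = copy_text_field(SAMPLE_WRAP, sizeof SAMPLE_WRAP, 0);
    printf("ok=%s wrap=%s\n", ok ? ok : "(rejected)", bad ? bad : "(rejected)");
    free(ok); free(bad);
    return 0;
}
```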