Bug#889545: libopenmpt0: possible out-of-bounds memory read with malformed STP files
James Cowgill
jcowgill at debian.org
Sun Feb 4 15:35:36 UTC 2018
Control: retitle -1 libopenmpt0: CVE-2018-6611
On 04/02/18 12:26, James Cowgill wrote:
> Package: libopenmpt0
> Version: 0.3.1-1
> Severity: grave
> Tags: security
>
> This security update was published for libopenmpt:
> https://lib.openmpt.org/libopenmpt/2018/02/03/security-update-0.3.6/
>
>> The OpenMPT/libopenmpt project released the latest stable libopenmpt version:
>>
>> libopenmpt 0.3.6 (2018-02-03)
>> [Sec] Possible out-of-bounds memory read with malformed STP files. (r9576)
>
> The bug only affects 0.3.x so it will not require any updates to stable.
>
> I have requested a CVE for this bug.
... and it was allocated CVE-2018-6611.
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20180204/0fbee903/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list