Source: libopenmpt
Version: 0.2.7025~beta20.1-1
Severity: grave
Tags: security upstream fixed-upstream


libopenmpt 0.3.8 was released with a security update. I requested a CVE
and got CVE-2018-10017 assigned for it (the "[Sec]" line in the changelog).

> libopenmpt 0.3.8 (2018-04-08)
> [Sec] Possible out-of-bounds memory read with IT and MO3 files containing 
> many nested pattern loops (r10028).
> Keep track of active SFx macro during seeking.
> The “note cut” duplicate note action did not volume-ramp the previously 
> playing sample.
> A song starting with non-existing patterns could not be played.
> DSM: Support restart position and 16-bit samples.
> DTM: Import global volume.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to