Hi,

I've prepared an NMU to fix CVE-2009-0179 and CVE-2007-6720 in unstable.


The package can be found on mentors.debian.net:
- URL: http://mentors.debian.net/debian/pool/main/l/libmikmod
- Source repository: deb-src http://mentors.debian.net/debian unstable main
contrib non-free
- dget
http://mentors.debian.net/debian/pool/main/l/libmikmod/libmikmod_3.1.11-6.1.dsc

I would be glad if someone uploaded this package for me.

Cheers,
Giuseppe.
diff -u libmikmod-3.1.11/debian/changelog libmikmod-3.1.11/debian/changelog
--- libmikmod-3.1.11/debian/changelog
+++ libmikmod-3.1.11/debian/changelog
@@ -1,3 +1,15 @@
+libmikmod (3.1.11-6.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * debian/patch/CVE-2007-6720.patch: Fixed application crash or abort when
+    loading/playing multiple music files with varying number of channels.
+    (CVE-2007-6720) (Closes: #461519)
+  * debian/patch/CVE-2009-0179.patch: Fixed application crash when loading XM
+    files. (CVE-2009-0179) (Closes: #476339)
+
+
+ -- Giuseppe Iuculano <giuse...@iuculano.it>  Wed, 05 Aug 2009 11:50:25 +0200
+
 libmikmod (3.1.11-6) unstable; urgency=medium
 
   * The "Play a .mod on your ia64 today!" release.
only in patch2:
unchanged:
--- libmikmod-3.1.11.orig/debian/patches/CVE-2009-0179.patch
+++ libmikmod-3.1.11/debian/patches/CVE-2009-0179.patch
@@ -0,0 +1,31 @@
+--- libmikmod-3.1.11.orig/loaders/load_xm.c
++++ libmikmod-3.1.11/loaders/load_xm.c
+@@ -622,7 +622,8 @@
+                               /* read the remainder of the header */
+                               for(u=headend-_mm_ftell(modreader);u;u--) 
_mm_read_UBYTE(modreader);
+ 
+-                              if(_mm_eof(modreader)) {
++                              /* last instrument is at the end of file in 
version 0x0104 */
++                              if(_mm_eof(modreader) && (mh->version<0x0104 || 
t<of.numins-1)) {
+                                       free(nextwav);free(wh);
+                                       nextwav=NULL;wh=NULL;
+                                       _mm_errno = MMERR_LOADING_SAMPLEINFO;
+--- libmikmod-3.1.11.orig/playercode/mloader.c
++++ libmikmod-3.1.11/playercode/mloader.c
+@@ -450,10 +450,12 @@
+       if (!l->Init || l->Init()) {
+               _mm_rewind(modreader);
+               ok = l->Load(curious);
+-              /* propagate inflags=flags for in-module samples */
+-              for (t = 0; t < of.numsmp; t++)
+-                      if (of.samples[t].inflags == 0)
+-                              of.samples[t].inflags = of.samples[t].flags;
++              if (ok) {
++                      /* propagate inflags=flags for in-module samples */
++                      for (t = 0; t < of.numsmp; t++)
++                              if (of.samples[t].inflags == 0)
++                                      of.samples[t].inflags = 
of.samples[t].flags;
++              }
+       } else
+               ok = 0;
+ 
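Review bot: In the load_xm.c hunk the new condition exempts every file with `mh->version>=0x0104` from the EOF error on its last instrument, while the added comment names only version 0x0104 and does not say what the code after this check may still rely on. The skip loop on the context line above keeps calling `_mm_read_UBYTE` up to `headend` whether or not the reader has already hit EOF, so a truncated last header is now accepted as well as one that ends exactly at the end of the file. The code that consumes the instrument fields lies outside the hunk, so it should be confirmed that it tolerates a header cut short. I would reword the comment to state the rule, for example `/* from version 0x0104 on, the last instrument header may end at EOF; EOF anywhere earlier is still a load error */`. In the mloader.c hunk a short why-comment on the new guard would also help, such as `/* of.samples is only valid when the loader reported success */`, if that is indeed the reason for the `if (ok)`.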
only in patch2:
unchanged:
--- libmikmod-3.1.11.orig/debian/patches/CVE-2007-6720.patch
+++ libmikmod-3.1.11/debian/patches/CVE-2007-6720.patch
@@ -0,0 +1,38 @@
+--- libmikmod-3.1.11.orig/playercode/mplayer.c
++++ libmikmod-3.1.11/playercode/mplayer.c
+@@ -2318,7 +2318,7 @@
+       SAMPLE *s;
+ 
+       mod->totalchn=mod->realchn=0;
+-      for (channel=0;channel<md_sngchn;channel++) {
++      for (channel=0;channel<mod->numchn;channel++) {
+               aout=&mod->voice[channel];
+               i=aout->main.i;
+               s=aout->main.s;
+@@ -3086,7 +3086,7 @@
+               pf->patbrk=0;
+               pf->vbtick=pf->sngspd;
+ 
+-              for (t=0;t<md_sngchn;t++) {
++              for (t=0;t<pf->numchn;t++) {
+                       Voice_Stop_internal(t);
+                       pf->voice[t].main.i=NULL;
+                       pf->voice[t].main.s=NULL;
+@@ -3111,7 +3111,7 @@
+               pf->patbrk=0;
+               pf->vbtick=pf->sngspd;
+ 
+-              for (t=0;t<md_sngchn;t++) {
++              for (t=0;t<pf->numchn;t++) {
+                       Voice_Stop_internal(t);
+                       pf->voice[t].main.i=NULL;
+                       pf->voice[t].main.s=NULL;
+@@ -3138,7 +3138,7 @@
+               pf->sngpos=pos;
+               pf->vbtick=pf->sngspd;
+ 
+-              for (t=0;t<md_sngchn;t++) {
++              for (t=0;t<pf->numchn;t++) {
+                       Voice_Stop_internal(t);
+                       pf->voice[t].main.i=NULL;
+                       pf->voice[t].main.s=NULL;
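Review bot: All four loops now run up to `numchn` and use that index for `mod->voice[channel]`, `pf->voice[t]` and `Voice_Stop_internal(t)`, but none of the hunks shows that the voice array or the driver's voice table holds at least `numchn` entries. If `voice` is allocated from the driver-side count (the `md_sngchn` the old bound used) and that count can be smaller than the module's `numchn`, the new bound reads and writes past the end of the array instead of fixing the overrun. The allocation site should be checked and the invariant written next to the first loop, for example `/* voice[] must hold at least numchn entries, see its allocation */`. If that cannot be guaranteed, the bound should be the smaller of the two counts. The enclosing functions start and end outside these hunks, so this cannot be settled from the patch alone.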

Attachment: signature.asc
Description: OpenPGP digital signature
