Source: libopenmpt Version: 0.2.7025~beta20.1-1 Severity: grave Tags: security upstream fixed-upstream
Hi, libopenmpt 0.3.8 was released with a security update. I requested a CVE and got CVE-2018-10017 assigned for it (the "[Sec]" line in the changelog). https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/ > libopenmpt 0.3.8 (2018-04-08) > [Sec] Possible out-of-bounds memory read with IT and MO3 files containing > many nested pattern loops (r10028). > > Keep track of active SFx macro during seeking. > The “note cut” duplicate note action did not volume-ramp the previously > playing sample. > A song starting with non-existing patterns could not be played. > DSM: Support restart position and 16-bit samples. > DTM: Import global volume. Thanks, James
signature.asc
Description: OpenPGP digital signature