Source: wildmidi
Version: 0.4.0-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/Mindwerks/wildmidi/issues/178

Hi,

the following vulnerability was published for wildmidi.

CVE-2017-1000418[0]:
| The WildMidi_Open function in WildMIDI since commit
| d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to
| cause a denial of service (heap-based buffer overflow and application
| crash) or possibly have unspecified other impact via a crafted file.

Note the CVE description looks wrong regarding "since commit" because
that's just the preceding commit to the fixing commit, AFAICS.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000418
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000418
[1] https://github.com/Mindwerks/wildmidi/issues/178
[2] https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore