Security update for libmodplug SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0803-1 Final 1 1 2018-03-23T18:03:12Z current 2018-03-23T18:03:12Z 2018-03-23T18:03:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libmodplug This update for libmodplug fixes the following issues: Several security and non security issues where fixed: - Update to version 0.8.9.0+git20170610.f6dd59a boo#1022032: * PSM: add missing line to commit * ABC: prevent possible increment of p past end * ABC: ensure read pointer is valid before incrementing * ABC: terminate early when things don't work in substitute * OKT: add one more bound check * FAR: out by one on check * ABC: 10 digit ints require null termination * PSM: make sure reads occur of only valid ins * ABC: cleanup tracks correctly. * WAV: check that there is space for both headers * OKT: ensure file size is enough to contain data * ABC: initialize earlier * ABC: ensure array access is bounded correctly. * ABC: clean up loop exiting code * ABC: avoid possibility of incrementing *p * ABC: abort early if macro would be blank * ABC: Use blankline more often * ABC: Ensure for loop does not increment past end of loop * Initialize nPatterns to 0 earlier * Check memory position isn't over the memory length * ABC: transpose only needs to look at notes (<26) * Spelling fixes * Bump version number to 0.8.9.0 * MMCMP: Check that end pointer is within the file size * WAV: ensure integer doesn't overflow * XM: additional mempos check * sndmix: Don't process row if its empty. * snd_fx: dont include patterns of zero size in length calc * MT2,AMF: prevent OOB reads The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-03/msg00093.html E-Mail link for openSUSE-SU-2018:0803-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libmodplug-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug-devel-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug1-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug1-32bit-0.8.9.0+git20170610.f6dd59a-8.3.1 libmodplug-0.8.9.0+git20170610.f6dd59a-8.3.1 as a component of openSUSE Leap 42.3 libmodplug-devel-0.8.9.0+git20170610.f6dd59a-8.3.1 as a component of openSUSE Leap 42.3 libmodplug1-0.8.9.0+git20170610.f6dd59a-8.3.1 as a component of openSUSE Leap 42.3 libmodplug1-32bit-0.8.9.0+git20170610.f6dd59a-8.3.1 as a component of openSUSE Leap 42.3