#19694 – CVE-2009-1438 "CSoundFile::ReadMed()" Integer Overflow Vulnerability

Bug 19694 - CVE-2009-1438 "CSoundFile::ReadMed()" Integer Overflow Vulnerability

Summary: CVE-2009-1438 "CSoundFile::ReadMed()" Integer Overflow Vulnerability

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	libmodplug (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	placeholder@altlinux.org
QA Contact:	qa-sisyphus

URL:	http://sourceforge.net/project/showno...
Keywords:	security

Depends on:
Blocks:

Reported:	2009-04-21 01:01 MSD by Vladimir Lettiev
Modified:	2009-05-22 07:14 MSD (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2009-04-21 01:01:35 MSD

Обнаружено целочисленное переполнение в функции CSoundFile::ReadMed() в src/load_med.cpp при загрузке MED файлов.
Upstream выпустил исправление в виде новой версии 0.8.6

Comment 1 Vladimir Lettiev 2009-04-28 20:18:23 MSD

0.8.6->0.8.7

Comment 2 Vladimir Lettiev 2009-05-01 11:21:17 MSD

прошу выдать NMU
git://git.altlinux.org/people/crux/packages/libmodplug.git

Comment 3 Dmitry V. Levin 2009-05-01 15:20:06 MSD

(In reply to comment #2)
> прошу выдать NMU
> git://git.altlinux.org/people/crux/packages/libmodplug.git

ack

Comment 4 Repository Robot 2009-05-01 15:42:23 MSD

libmodplug-0.8.7-alt1 -> sisyphus:

* Fri May 01 2009 Vladimir Lettiev <crux@altlinux> 0.8.7-alt1

- NMU: 0.8.7
- Security fixes:
  + CVE-2009-1438 (Closes: 19694)
  + PATinst() Buffer Overflow Vulnerability (Closes: 19824)
- removed obosolete post{,un}_ldconfig

Comment 5 Vladimir Lettiev 2009-05-04 10:30:37 MSD

closed