FS#36799 : [libmodplug] security patches for CVE-2013-4233 and CVE-2013-4234

FS#36799 - [libmodplug] security patches for CVE-2013-4233 and CVE-2013-4234

Attached to Project: Arch Linux
Opened by RbN (RbN) - Thursday, 05 September 2013, 18:22 GMT
Last edited by Eric Belanger (Snowman) - Thursday, 05 September 2013, 20:04 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Eric Belanger (Snowman)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description :
libmodplug is vulnerable to an integer overflow (CVE-2013-4233) and a
heap overflow (CVE-2013-4234). This bugs can be triggered remotely
(using firefox to call vlc on a crafted abc file).

Patches :
CVE-2013-4233 patch : http://sourceforge.net/p/modplug-xmms/git/ci/c4d4e047862649a75f6dba905c613aff0df81309/
CVE-2013-4234 patch : http://sourceforge.net/p/modplug-xmms/git/ci/5de53a46283e7c463115444a9339978011dab961/

Some more patches (not CVE related) can be found here :
http://sourceforge.net/p/modplug-xmms/git/ci/bc8cb8248788c05b77da7d653f4c677354339a21/log/?path=/libmodplug

Not tested

This task depends upon

Closed by Eric Belanger (Snowman)
Thursday, 05 September 2013, 20:04 GMT
Reason for closing: Fixed
Additional comments about closing: libmodplug-0.8.8.4-2

Comment by RbN (RbN) - Thursday, 05 September 2013, 18:26 GMT

Severity should probably be increased, according to https://www.archlinux.de/?page=PackageStatistics, this package is used by more than 90% of archlinux users.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#36799 - [libmodplug] security patches for CVE-2013-4233 and CVE-2013-4234

Details

Loading...