From the third party advisory at $URL: Vulnerability overview/description: ----------------------------------- Libmodplug library is prone to a stack based buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious S3M media files. @sound, =media-libs/libmodplug-0.8.8.2 is reported as fixed, and is already in the tree. Is it ok to stabilize? Thank you.
yep its ok for me
arches, please test and mark stable: =media-libs/libmodplug-0.8.8.2 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
amd64 works.
x86 stable. Thanks.
arm stable
amd64 stable
Stable on alpha.
ia64/ppc/ppc64 stable
Stable for HPPA.
sh/sparc stable
Thanks, folks. GLSA request filed.
CVE-2011-1574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1574): Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.
This issue was resolved and addressed in GLSA 201203-16 at http://security.gentoo.org/glsa/glsa-201203-16.xml by GLSA coordinator Sean Amoss (ackle).