Fixes an overflow, not sure if it's a security kind. Security, see libtimidity-0.1.0-newlen-overflow.patch
amd64/x86 stable
Sparc stable.
Hendrik, can you tell if the flaw this patch fixes could be exploited?
ppc stable
If I get this right, the patch changes the data type of newlen from a signed int to an unsigned int, doubling the value range. That might be a step to avoid an integer overflow, but still if the newlen was negative, safe_malloc does a check on (p == NULL) which would make the application shut down on a negative value passed to malloc. So, I'd say that's a client DoS at the most. If newlen is overflown, the app would stop, if it isn't, the allocated heap buffer should be big enough.
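The reasoning in the comment above, as an added C example that is not part of this thread or of libtimidity's code. `checked_malloc` is a hypothetical stand-in for `safe_malloc` that reports failure instead of exiting; all function names and the element-size parameter are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for safe_malloc(): same (p == NULL) check, but it
 * reports the failure instead of shutting the application down.
 * volatile keeps the optimizer from eliding the malloc/free pair. */
static void *checked_malloc(size_t count, int *failed)
{
    void *volatile p = malloc(count);
    *failed = (p == NULL);
    return p;
}

/* The size_t value malloc receives for a given signed length. */
size_t as_malloc_sees(int newlen) { return (size_t)newlen; }

/* Signed length: a negative int converts to a value near SIZE_MAX,
 * which no allocator can satisfy, so the NULL check fires. */
int alloc_with_signed_len(int newlen)
{
    int failed;
    free(checked_malloc((size_t)newlen, &failed));
    return failed;              /* 1 = allocation refused */
}

/* Defensive variant: validate length and byte count before allocating. */
int alloc_with_validated_len(long long newlen, size_t elem_size)
{
    int failed;
    if (newlen <= 0 || elem_size == 0 ||
        (unsigned long long)newlen > SIZE_MAX / elem_size)
        return 1;               /* rejected, malloc never called */
    free(checked_malloc((size_t)newlen * elem_size, &failed));
    return failed;
}

int main(void)
{
    printf("-1 reaches malloc as %zu\n", as_malloc_sees(-1));
    printf("signed -1 refused:     %d\n", alloc_with_signed_len(-1));
    printf("signed 4096 refused:   %d\n", alloc_with_signed_len(4096));
    printf("validated -1 refused:  %d\n", alloc_with_validated_len(-1, 2));
    return 0;
}
```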
I'll leave it entirely under your consideration (but the package can go stable either way), it's just a matter of how you'll post handle it.
libtimidity is used by FusionSound (which is used by DirectFB) and also media-sound/moc, nothing else in our tree is using it (unless there is automagic's)
ppc64 done
I guess the security flaw is too far-fetched.