Description: "An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c." NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-14523 Affects: < 20190722 Fixed release: https://github.com/schismtracker/schismtracker/releases/tag/20190805 Patch: https://github.com/schismtracker/schismtracker/commit/c8986a876959a9d282e882d782af351a86e4034c
2) CVE-2019-14465 Description: "fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow." Bug: https://github.com/schismtracker/schismtracker/issues/198 Fixed release, as above: https://github.com/schismtracker/schismtracker/releases/tag/20190805
CVE-2019-14524 (https://nvd.nist.gov/vuln/detail/CVE-2019-14524): An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. CVE-2019-14523 (https://nvd.nist.gov/vuln/detail/CVE-2019-14523): An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.
ping
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c134ef752894193bdc518219e6ea242321ee3ce1 commit c134ef752894193bdc518219e6ea242321ee3ce1 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2021-04-29 07:27:42 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2021-04-29 07:28:01 +0000 media-sound/schismtracker: bump to 20190805 Bug: https://bugs.gentoo.org/711210 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> media-sound/schismtracker/Manifest | 1 + .../schismtracker/schismtracker-20190805.ebuild | 52 ++++++++++++++++++++++ 2 files changed, 53 insertions(+)
i suppose the new version can be stabilized in a few days. there is a qa issue reported but i'm really not sure whether this is wrong, it just uses the input file twice, once for input and once for constructing output file name. or am i wrong? * QA Notice: This package installs one or more .desktop files that do not * pass validation. * * /usr/share/applications/schism.desktop: error: file contains group "Desktop Action Render WAV", which has an invalid action identifier, only alphanumeric characters and '-' are allowed * /usr/share/applications/schism.desktop: error: value "schismtracker --diskwrite=%f.wav %f" for key "Exec" in group "Desktop Action Render WAV" may contain at most one "0,000000", "102", "0,000000" or "%U" field code
x86 done
amd64 done all arches done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=344dffd5f69509b34eb06a3b41c32be397ec7dc6 commit 344dffd5f69509b34eb06a3b41c32be397ec7dc6 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2021-05-09 07:58:14 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2021-05-09 07:58:50 +0000 media-sound/schismtracker: removed obsolete and vulnerable 20180810-r1 Bug: https://bugs.gentoo.org/711210 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> media-sound/schismtracker/Manifest | 1 - .../schismtracker/schismtracker-20180810-r1.ebuild | 60 ---------------------- 2 files changed, 61 deletions(-)
the tree is clean now, you can proceed.
Thank you!
Downgrading to B3. New GLSA request filed.
Unable to check for sanity: > no match for package: media-sound/schismtracker-20190805
This issue was resolved and addressed in GLSA 202107-12 at https://security.gentoo.org/glsa/202107-12 by GLSA coordinator Sam James (sam_c).
