Summary: | <media-sound/schismtracker-20190805: Multiple vulnerabilities (CVE-2019-{14465,14523,14524}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fordfrog, sound |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/schismtracker/schismtracker/issues/202 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
media-sound/schismtracker-20210525
|
Runtime testing required: | --- |
Description
Sam James
![]() ![]() ![]() ![]() 2) CVE-2019-14465 Description: "fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow." Bug: https://github.com/schismtracker/schismtracker/issues/198 Fixed release, as above: https://github.com/schismtracker/schismtracker/releases/tag/20190805 CVE-2019-14524 (https://nvd.nist.gov/vuln/detail/CVE-2019-14524): An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. CVE-2019-14523 (https://nvd.nist.gov/vuln/detail/CVE-2019-14523): An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. ping The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c134ef752894193bdc518219e6ea242321ee3ce1 commit c134ef752894193bdc518219e6ea242321ee3ce1 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2021-04-29 07:27:42 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2021-04-29 07:28:01 +0000 media-sound/schismtracker: bump to 20190805 Bug: https://bugs.gentoo.org/711210 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> media-sound/schismtracker/Manifest | 1 + .../schismtracker/schismtracker-20190805.ebuild | 52 ++++++++++++++++++++++ 2 files changed, 53 insertions(+) i suppose the new version can be stabilized in a few days. there is a qa issue reported but i'm really not sure whether this is wrong, it just uses the input file twice, once for input and once for constructing output file name. or am i wrong? * QA Notice: This package installs one or more .desktop files that do not * pass validation. * * /usr/share/applications/schism.desktop: error: file contains group "Desktop Action Render WAV", which has an invalid action identifier, only alphanumeric characters and '-' are allowed * /usr/share/applications/schism.desktop: error: value "schismtracker --diskwrite=%f.wav %f" for key "Exec" in group "Desktop Action Render WAV" may contain at most one "0,000000", "102", "0,000000" or "%U" field code x86 done amd64 done all arches done The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=344dffd5f69509b34eb06a3b41c32be397ec7dc6 commit 344dffd5f69509b34eb06a3b41c32be397ec7dc6 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2021-05-09 07:58:14 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2021-05-09 07:58:50 +0000 media-sound/schismtracker: removed obsolete and vulnerable 20180810-r1 Bug: https://bugs.gentoo.org/711210 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> media-sound/schismtracker/Manifest | 1 - .../schismtracker/schismtracker-20180810-r1.ebuild | 60 ---------------------- 2 files changed, 61 deletions(-) the tree is clean now, you can proceed. Thank you! Downgrading to B3. New GLSA request filed. Unable to check for sanity:
> no match for package: media-sound/schismtracker-20190805
This issue was resolved and addressed in GLSA 202107-12 at https://security.gentoo.org/glsa/202107-12 by GLSA coordinator Sam James (sam_c). |