From the third party advisory at $URL:
Libmodplug library is prone to a stack-based buffer overflow
vulnerability due to insufficient validation of user-supplied data. An
attacker is able to execute arbitrary code in the context of the user
when opening malicious S3M media files.
@sound, =media-libs/libmodplug-0.8.8.2 is reported as fixed, and is already in the tree. Is it ok to stabilize? Thank you.
Yep, it's OK for me.
arches, please test and mark stable:
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
x86 stable. Thanks.
Stable on alpha.
Stable for HPPA.
Thanks, folks. GLSA request filed.
Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in
libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code
via a crafted S3M file.
This issue was resolved and addressed in
GLSA 201203-16 at http://security.gentoo.org/glsa/glsa-201203-16.xml
by GLSA coordinator Sean Amoss (ackle).