From ${URL} :

Description

SCRT Information Security has discovered two vulnerabilities in libmodplug, which can be exploited by malicious people to compromise an application using the library.

1) An error within the "abc_MIDI_drum()" function (src/load_abc.cpp) can be exploited to cause a buffer overflow via a specially crafted ABC file.

2) An integer overflow within the "abc_set_parts()" function (src/load_abc.cpp) can be exploited to corrupt heap memory via a specially crafted ABC file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are confirmed in version 0.8.8.4. Other versions may also be affected.

Solution: No official solution is currently available.

Provided and/or discovered by: agixid, SCRT Information Security

Original Advisory: http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
CVE-2013-4234 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4234): Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.
CVE-2013-4233 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4233): Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.
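As an added illustration of the defect class behind CVE-2013-4233 (not libmodplug code and not the upstream fix): a size calculation for a parts string that is checked before anything is allocated. The function name, the `limit` parameter and the simplified grammar (a part letter A-Z followed by an optional decimal repeat count) are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: computes how many part letters a simplified P value
 * such as "A2B3C" expands to. Returns 0 and stores the length in *out, or
 * -1 if the value is malformed or the expansion would exceed `limit`.
 * The caller allocates only after a 0 return. */
int parts_expanded_len(const char *p, size_t limit, size_t *out)
{
    size_t total = 0;

    while (*p) {
        if (*p < 'A' || *p > 'Z')
            return -1;                      /* only part letters allowed */
        p++;
        size_t count = 1;                   /* no digits means one copy */
        if (*p >= '0' && *p <= '9') {
            count = 0;
            while (*p >= '0' && *p <= '9') {
                size_t digit = (size_t)(*p - '0');
                if (count > (SIZE_MAX - digit) / 10)
                    return -1;              /* count * 10 + digit would wrap */
                count = count * 10 + digit;
                if (count > limit)
                    return -1;              /* repeat count alone too large */
                p++;
            }
        }
        /* total <= limit always holds here, so limit - total cannot wrap. */
        if (count > limit - total)
            return -1;
        total += count;
    }
    *out = total;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample values, not taken from a real ABC file. */
    printf("%d\n", parts_expanded_len("A2B3C", 1024, &n));
    printf("%d\n", parts_expanded_len("A99999999999999999999999", 1024, &n));
    return 0;
}
```

Every comparison is arranged so the overflow test runs before the arithmetic it guards, which is the property an unchecked length computation lacks.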
+*libmodplug-0.8.8.5 (04 Aug 2014) + + 04 Aug 2014; Tony Vroon <chainsaw@gentoo.org> +libmodplug-0.8.8.5.ebuild, + +files/libmodplug-0.8.8.5-no-fast-math.patch, + +files/libmodplug-0.8.8.5-psm-omf2097-fixes.patch, metadata.xml: + Version bump, as requested by Tom Wijsman in bug #516926. Handle OMF2097 PSM + files correctly, filed upstream on Github as pull request 19. Arches, please test & mark stable: =media-libs/libmodplug-0.8.8.5 Target stable keywords: alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86
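Review bot: the entry text explains the version bump and the OMF2097 PSM handling but says nothing about files/libmodplug-0.8.8.5-no-fast-math.patch, which the same entry adds; a short clause on what that patch changes and why would document it. The entry also cites only bug #516926, so if this bump is meant to carry the fix for the security bug as well, referencing that bug here would make it traceable from the ChangeLog.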
Stable for HPPA.
x86 stable
Stable on alpha.
ppc stable
ppc64 stable
amd64 stable
ia64 stable
sparc stable
arm stable, all arches done.
+ 13 Aug 2014; Tony Vroon <chainsaw@gentoo.org> -libmodplug-0.8.8.2.ebuild, + -libmodplug-0.8.8.4.ebuild, -libmodplug-0.8.8.4-r1.ebuild: + Remove vulnerable ebuilds for security bug #480388. Security, please vote.
Arches and Maintainer(s), thank you for your work.

> Security, please vote.

This is a B2, which as per security policy is an automatic GLSA without a vote.

New GLSA Request filed.
This issue was resolved and addressed in GLSA 201408-07 at http://security.gentoo.org/glsa/glsa-201408-07.xml by GLSA coordinator Mikle Kolyada (Zlogene).