CVE-2019-15151 (https://nvd.nist.gov/vuln/detail/CVE-2019-15151): AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. CVE-2019-14734 (https://nvd.nist.gov/vuln/detail/CVE-2019-14734): AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. CVE-2019-14733 (https://nvd.nist.gov/vuln/detail/CVE-2019-14733): AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. CVE-2019-14732 (https://nvd.nist.gov/vuln/detail/CVE-2019-14732): AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. CVE-2019-14692 (https://nvd.nist.gov/vuln/detail/CVE-2019-14692): AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. CVE-2019-14691 (https://nvd.nist.gov/vuln/detail/CVE-2019-14691): AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. CVE-2019-14690 (https://nvd.nist.gov/vuln/detail/CVE-2019-14690): AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. CVE-2018-17825 (https://nvd.nist.gov/vuln/detail/CVE-2018-17825): An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d27a9e33ba053d9ddd833ebaa4c52dc5f7b496aa commit d27a9e33ba053d9ddd833ebaa4c52dc5f7b496aa Author: David Seifert <soap@gentoo.org> AuthorDate: 2020-01-25 19:02:28 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2020-01-25 19:02:28 +0000 package.mask: Last rite media-libs/adplug Bug: https://bugs.gentoo.org/706346 Closes: https://github.com/gentoo/gentoo/pull/14443 Signed-off-by: David Seifert <soap@gentoo.org> profiles/package.mask | 10 ++++++++++ 1 file changed, 10 insertions(+)
gone. I do not think removal glsa is needed.
