1) CVE-2019-14496 Description: "LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow." URL: https://github.com/milkytracker/MilkyTracker/issues/183 2) CVE-2019-14497 Description: "ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow." URL: https://github.com/milkytracker/MilkyTracker/issues/182 --- Patch for both: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7 The vulnerable code appears to be in the version (1.0.0) currently in tree: https://github.com/milkytracker/MilkyTracker/blob/v1.0.0/src/milkyplay/LoaderXM.cpp#L67
3) CVE-2019-14464 Description: "XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a heap-based buffer overflow." URL: https://github.com/milkytracker/MilkyTracker/issues/184 Patch: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
A use-after-free patch: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
(In reply to John Helmert III (ajak) from comment #2) > A use-after-free patch: > > https://github.com/milkytracker/MilkyTracker/commit/ > 7afd55c42ad80d01a339197a2d8b5461d214edaf Assigned CVE-2020-15569
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e850373228ff95fb18186bf65f5cf31e127f99e commit 6e850373228ff95fb18186bf65f5cf31e127f99e Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-07-06 03:50:38 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-19 23:38:34 +0000 media-sound/milkytracker: Drop 1.0.0 Bug: https://bugs.gentoo.org/711280 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/16605 Signed-off-by: Sam James <sam@gentoo.org> media-sound/milkytracker/Manifest | 1 - .../files/milkytracker-1.0.0-cmake.patch | 148 --------------------- .../files/milkytracker-1.0.0-docdir.patch | 71 ---------- media-sound/milkytracker/milkytracker-1.0.0.ebuild | 46 ------- 4 files changed, 266 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2261786b3997b6ce70aae655928c625abc305f3 commit d2261786b3997b6ce70aae655928c625abc305f3 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-07-06 03:38:48 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-19 23:38:33 +0000 media-sound/milkytracker: Add 1.02.00 (security) Bug: https://bugs.gentoo.org/711280 Closes: https://bugs.gentoo.org/711564 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Signed-off-by: Sam James <sam@gentoo.org> media-sound/milkytracker/Manifest | 2 + .../milkytracker-1.02.00-CVE-2019-14464.patch | 26 ++++++ .../milkytracker-1.02.00-CVE-2019-1449x.patch | 104 +++++++++++++++++++++ .../milkytracker-1.02.00-CVE-2020-15569.patch | 35 +++++++ .../milkytracker/milkytracker-1.02.00.ebuild | 53 +++++++++++ 5 files changed, 220 insertions(+)
All done. Closing.