[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1961-1] milkytracker security update



Package        : milkytracker
Version        : 0.90.85+dfsg-2.2+deb8u1
CVE ID         : CVE-2019-14464 CVE-2019-14496 CVE-2019-14497
Debian Bug     : 933964


Fredric discovered a couple of buffer overflows in MilkyTracker, of which,
a brief description is given below.

CVE-2019-14464

    XMFile::read in XMFile.cpp in milkyplay in MilkyTracker had a heap-based
    buffer overflow.

CVE-2019-14496

    LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker had a
    stack-based buffer overflow.

CVE-2019-14497

    ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker
    had a heap-based buffer overflow.


For Debian 8 "Jessie", these problems have been fixed in version
0.90.85+dfsg-2.2+deb8u1.

We recommend that you upgrade your milkytracker packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature


Reply to: