SUSE Package Hub - openSUSE-2019-2019

Update Info

openSUSE-2019-2019

Security update for schismtracker

Type: security

Severity: important

Issued: 2019-08-29

Description:

This update for schismtracker fixes the following issues:

The following security issues were fixed:

- CVE-2019-14523: Fixed an integer underflow in the Amiga Oktalyzer parser (boo#1144266).
- CVE-2019-14524: Fixed a heap overflow in the MTM loader (boo#1144261).

The following non-security issues were fixed:

- Support 15-channel MOD files.
- Support undocumented MIDI macro characters, and support character p (MIDI program) properly.

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

CVE: CVE-2019-14524
CVE: CVE-2019-14523
Bugzilla: 1144266 VUL-1: CVE-2019-14523: schismtracker: An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.
Bugzilla: 1144261 VUL-0: CVE-2019-14524: schismtracker: An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c

Packages

schismtracker-20190805-bp151.4.3.1