{"affected":[{"ecosystem_specific":{"binaries":[{"libmodplug1":"0.8.9.0+git20170610.f6dd59a-15.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"libmodplug","purl":"pkg:rpm/suse/libmodplug&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.8.9.0+git20170610.f6dd59a-15.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libmodplug-devel":"0.8.9.0+git20170610.f6dd59a-15.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"libmodplug","purl":"pkg:rpm/suse/libmodplug&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.8.9.0+git20170610.f6dd59a-15.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libmodplug1":"0.8.9.0+git20170610.f6dd59a-15.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"libmodplug","purl":"pkg:rpm/suse/libmodplug&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.8.9.0+git20170610.f6dd59a-15.4.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libmodplug1":"0.8.9.0+git20170610.f6dd59a-15.4.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"libmodplug","purl":"pkg:rpm/suse/libmodplug&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.8.9.0+git20170610.f6dd59a-15.4.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libmodplug fixes the following issues:\n\n- Update to version 0.8.9.0+git20170610.f6dd59a bsc#1022032:\n  * PSM: add missing line to commit\n  * ABC: prevent possible increment of p past end\n  * ABC: ensure read pointer is valid before incrementing\n  * ABC: terminate early when things don't work in substitute\n  * OKT: add one more bound check\n  * FAR: out by one on check\n  * ABC: 10 digit ints require null termination\n  * PSM: make sure reads occur of only valid ins\n  * ABC: cleanup tracks correctly.\n  * WAV: check that there is space for both headers\n  * OKT: ensure file size is enough to contain data\n  * ABC: initialize earlier\n  * ABC: ensure array access is bounded correctly.\n  * ABC: clean up loop exiting code\n  * ABC: avoid possibility of incrementing *p\n  * ABC: abort early if macro would be blank\n  * ABC: Use blankline more often\n  * ABC: Ensure for loop does not increment past end of loop\n  * Initialize nPatterns to 0 earlier\n  * Check memory position isn't over the memory length\n  * ABC: transpose only needs to look at notes (<26)\n\n- Update to version 0.8.9.0+git20171024.e9fc46e:\n  * Spelling fixes\n  * Bump version number to 0.8.9.0\n  * MMCMP: Check that end pointer is within the file size\n  * WAV: ensure integer doesn't overflow\n  * XM: additional mempos check\n  * sndmix: Don't process row if its empty.\n  * snd_fx: dont include patterns of zero size in length calc\n  * MT2,AMF: prevent OOB reads\n\n- Add patch for broken pc file where quite some upstream refer to\n  modplug directly without specifying the subdir it is in.\n\n- Update to version 0.8.8.5\n  * Some security issues: CVE-2013-4233, CVE-2013-4234, as well as\n    many fixes suggested by static analyzers: clang build-scan, and coverity.\n- Stop using dos2unix\n- Run through spec-cleaner\n- Use full URL in Source tag\n","id":"SUSE-SU-2018:1441-1","modified":"2018-05-28T05:14:01Z","published":"2018-05-28T05:14:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181441-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1022032"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-4233"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2013-4234"}],"related":["CVE-2013-4233","CVE-2013-4234"],"summary":"Security update for libmodplug","upstream":["CVE-2013-4233","CVE-2013-4234"]}