{"affected":[{"ecosystem_specific":{"binaries":[{"libmodplug-devel":"0.3.9-3.3.1","libmodplug1":"0.3.9-3.3.1","libopenmpt-devel":"0.3.9-3.3.1","libopenmpt0":"0.3.9-3.3.1","libopenmpt_modplug1":"0.3.9-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"libopenmpt","purl":"pkg:rpm/suse/libopenmpt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.9-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libopenmpt to version 0.3.9 fixes the following issues:\n\nThese security issues were fixed:\n\n- CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when\n  reading AMS files (bsc#1095644)\n- CVE-2018-10017: Preven out-of-bounds memory read with IT/ITP/MO3 files\n  containing pattern loops (bsc#1089080)\n\nThese non-security issues were fixed:\n\n- [Bug] openmpt123: Fixed build failure in C++17 due to use of\n  removed feature std::random_shuffle.\n- STM: Having both Bxx and Cxx commands in a pattern imported\n  the Bxx command incorrectly.\n- STM: Last character of sample name was missing.\n- Speed up reading of truncated ULT files.\n- ULT: Portamento import was sometimes broken.\n- The resonant filter was sometimes unstable when combining\n  low-volume samples, low cutoff and high mixing rates.\n- Keep track of active SFx macro during seeking.\n- The 'note cut' duplicate note action did not volume-ramp the\n  previously playing sample.\n- A song starting with non-existing patterns could not be played.\n- DSM: Support restart position and 16-bit samples.\n- DTM: Import global volume.\n","id":"SUSE-SU-2018:1951-1","modified":"2018-07-13T07:26:21Z","published":"2018-07-13T07:26:21Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181951-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1089080"},{"type":"REPORT","url":"https://bugzilla.suse.com/1095644"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10017"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-11710"}],"related":["CVE-2018-10017","CVE-2018-11710"],"summary":"Security update for libopenmpt","upstream":["CVE-2018-10017","CVE-2018-11710"]}