{"affected":[{"ecosystem_specific":{"binaries":[{"libmodplug-devel":"0.3.17-lp151.2.3.1","libmodplug1":"0.3.17-lp151.2.3.1","libmodplug1-32bit":"0.3.17-lp151.2.3.1","libopenmpt-devel":"0.3.17-lp151.2.3.1","libopenmpt0":"0.3.17-lp151.2.3.1","libopenmpt0-32bit":"0.3.17-lp151.2.3.1","libopenmpt_modplug1":"0.3.17-lp151.2.3.1","libopenmpt_modplug1-32bit":"0.3.17-lp151.2.3.1","openmpt123":"0.3.17-lp151.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"libopenmpt","purl":"pkg:rpm/opensuse/libopenmpt&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.17-lp151.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libopenmpt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-20861: Fixed crash with certain malformed custom tunings in MPTM files (bsc#1143578).\n- CVE-2018-20860: Fixed crash with malformed MED files (bsc#1143581).\n- CVE-2019-14383: Fixed J2B that allows an assertion failure during file parsing with debug STLs (bsc#1143584).\n- CVE-2019-14382: Fixed DSM that allows an assertion failure during file parsing with debug STLs (bsc#1143582).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:2213-1","modified":"2019-09-28T16:20:05Z","published":"2019-09-28T16:20:05Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LOV7R35TQSRA55LKR2PJ7FDBOISJ245H/#LOV7R35TQSRA55LKR2PJ7FDBOISJ245H"},{"type":"REPORT","url":"https://bugzilla.suse.com/1143578"},{"type":"REPORT","url":"https://bugzilla.suse.com/1143581"},{"type":"REPORT","url":"https://bugzilla.suse.com/1143582"},{"type":"REPORT","url":"https://bugzilla.suse.com/1143584"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20860"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20861"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14382"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-14383"}],"related":["CVE-2018-20860","CVE-2018-20861","CVE-2019-14382","CVE-2019-14383"],"summary":"Security update for libopenmpt","upstream":["CVE-2018-20860","CVE-2018-20861","CVE-2019-14382","CVE-2019-14383"]}