Accepted milkytracker 0.90.86+dfsg-2+deb9u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Jul 2020 10:37:55 +0300
Source: milkytracker
Binary: milkytracker
Architecture: source
Version: 0.90.86+dfsg-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Multimedia Team <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
milkytracker - music creation tool inspired by Fast Tracker 2
Changes:
milkytracker (0.90.86+dfsg-2+deb9u1) stretch-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* CVE-2019-14464: Heap-based buffer overflow in XMFile::read
* CVE-2019-14496: Stack-based buffer overflow in LoaderXM::load
* CVE-2019-14497: Heap-based buffer overflow in
ModuleEditor::convertInstrument
* CVE-2020-15569: Use-after-free in the PlayerGeneric destructor
Checksums-Sha1:
9e0e9b36432a859568e56b910a051c79ad125e24 2235 milkytracker_0.90.86+dfsg-2+deb9u1.dsc
707519ca718aaf5934b83226fa516422cd4df00b 1598344 milkytracker_0.90.86+dfsg.orig.tar.bz2
74084ac3de437b5e3550af82ed65451cc9876f8f 13156 milkytracker_0.90.86+dfsg-2+deb9u1.debian.tar.xz
Checksums-Sha256:
64e754eefc1d591dc006c8d72556bcb59fdaf96b851536fefacd8a4e58506289 2235 milkytracker_0.90.86+dfsg-2+deb9u1.dsc
e1c5b071b6a944e85b3c3114a6f05b5bba4584d77522914644738c8fadc62d8d 1598344 milkytracker_0.90.86+dfsg.orig.tar.bz2
8437304f06ee983a50d6966734225cefd9b9a2ec2883a39b8317460bac351a08 13156 milkytracker_0.90.86+dfsg-2+deb9u1.debian.tar.xz
Files:
a0d98dda41777b29cd7b9fce81935cf6 2235 sound optional milkytracker_0.90.86+dfsg-2+deb9u1.dsc
25adb6caa64565299979269c00aeba68 1598344 sound optional milkytracker_0.90.86+dfsg.orig.tar.bz2
c27011aea19d2652245bda2bf4766e81 13156 sound optional milkytracker_0.90.86+dfsg-2+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl8e1C8ACgkQiNJCh6LY
mLHLoRAAyZlaoVmFMBlhxu6fi0eDKYIEPB9MhAOhMjkqhQNCBzsxzjEUG/bJ2GJD
WwiDygW5pha9h3TodV38uX6FOi4ndYL8nkQUCjhn87G2cs/jLBvWzgabAaelVJeF
1RxJeD9mqSa+uQ2+lJTWIJzpFdKN1duPF6XT0BZrYjuT5Za1395GZ8HBWtJTNSS8
k+0fzXhT4/tM6A++OngT1q7VdoOOKpQmJS5Fb9sDe+t3uuQMwScN+/fMIr60yHi9
wZAWUorbGe3b6pLVZsMiRFJhJrJ3BZDj4XwCzdRV8nC/urfNTOpPJvXJjmXsg1ox
3k50WwCmldTRnf+fjV+LYhe4yF0KTMYFDJaMmEfkaMx0u2tiioj/axbse+1nEs67
ywkT46ZpmQXjKZY4dJL1VK0Ezx+sCCHDVCmf6jJd1PIL17YNwGd2HMYbqV8BdKaI
Hk8HrTf0fj1MmFZWMNLJEF6X832FwmGtEwWqDHPOBBZjEzGat0HYrw2iSWaqM3Qh
UvJb17x4/kQPkOqoL/qTXSuYiPthuamNGcxG6trI51D5HMruFqrZmLfmz/01vuZ3
1ZJAZzUEP2wo/tpbg0tI+IbRjZOtNT9Hx2sZDw6JksgGPrxa/mtZFwNPYgIKfR2N
JdPi7URaGVmG2M1nlcgkXhux0s7Khz6xl0w23qEhhTSbkqIH788=
=h+bw
-----END PGP SIGNATURE-----
Reply to: