Bug#933964: milkytracker: CVE-2019-14464 CVE-2019-14496 CVE-2019-14497

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#933964: milkytracker: CVE-2019-14464 CVE-2019-14496 CVE-2019-14497
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 05 Aug 2019 17:12:13 +0200
Message-id: <[🔎] 156501793382.26079.14846367708674362197.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 933964@bugs.debian.org

Source: milkytracker
Version: 1.02.00+dfsg-1
Severity: important
Tags: security upstream

Hi,

The following vulnerabilities were published for milkytracker.

CVE-2019-14464[0]:
| XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a
| heap-based buffer overflow.


CVE-2019-14496[1]:
| LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00
| has a stack-based buffer overflow.


CVE-2019-14497[2]:
| ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in
| MilkyTracker 1.02.00 has a heap-based buffer overflow.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14464
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14464
[1] https://security-tracker.debian.org/tracker/CVE-2019-14496
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14496
[2] https://security-tracker.debian.org/tracker/CVE-2019-14497
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14497

Regards,
Salvatore

Reply to:

Prev by Date: Processing of fluidsynth_1.1.11-4_source.changes
Next by Date: Processing of fluidsynth_2.0.5-1_source.changes
Previous by thread: Processing of fluidsynth_1.1.11-4_source.changes
Next by thread: Processing of fluidsynth_2.0.5-1_source.changes
Index(es):
- Date
- Thread