Bug#964797: milkytracker: CVE-2020-15569

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#964797: milkytracker: CVE-2020-15569
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 10 Jul 2020 17:00:03 +0200
Message-id: <[🔎] 159439320317.1777891.6308657323607403960.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 964797@bugs.debian.org

Source: milkytracker
Version: 1.02.00+dfsg-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Control: found -1 1.02.00+dfsg-1

Hi,

The following vulnerability was published for milkytracker.

CVE-2020-15569[0]:
| PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free
| in the PlayerGeneric destructor.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-15569
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15569
[1] https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: milkytracker: CVE-2020-15569
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#964797: milkytracker: diff for NMU version 1.02.00+dfsg-2.1
  - From: Adrian Bunk <bunk@debian.org>
- Processed: milkytracker: diff for NMU version 1.02.00+dfsg-2.1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: milkytracker: CVE-2020-15569
Next by Date: Bug#964802: blender: Blender crashes when importing movie in video editing mode
Previous by thread: Bug#964552: marked as done ([Security Issue][liblivemedia] stack buffer overflow in liblivemedia)
Next by thread: Processed: milkytracker: CVE-2020-15569
Index(es):
- Date
- Thread