Bug#989955: libopenmpt: new upstream release 0.4.21
Source: libopenmpt
Version: 0.4.11
Severity: important
X-Debbugs-Cc: osmanx@problemloesungsmaschine.de
Dear Maintainer,
libopenmpt 0.4.x has new upstream release 0.4.21. This fixes, amongst many other fixes, a security vulnerability:
https://lib.openmpt.org/libopenmpt/2021/04/11/security-updates-0.5.8-0.4.20-0.3.29/
I'm the libopenmpt upstream maintainer. If you encounter any problems updating, please feel free to contact me and ask for assistence.
Seeing that Debian 11 is going into freeze soon, I highly suggest updating to the latest libopenmpt version now.
If updating to 0.5 causes too much trouble by now, updating to at least 0.4.21 should be trivial. Even though libopenmpt deprecated the included libopenmpt-modplug emulation layer in 0.4.13 (see <https://lib.openmpt.org/libopenmpt/2020/05/24/releases-0.5.0-0.4.13-0.3.22/>), 0.4.x still continues (and will continue) to ship it (staying with libmodplug 0.8.8.5 API/ABI).
Updating to 0.5 and the split-out libopenmpt-modplug package will be required to fix #958377 though, which appears to be desireable to support VLC.
-- System Information:
Debian Release: 11.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel, s390x, armhf, arm64, ppc64el
Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Reply to: