oss-sec mailing list archives
Re: WANTED: mikmod patches
From: Kees Cook <kees () ubuntu com>
Date: Sat, 6 Mar 2010 09:50:53 -0800
On Mon, Feb 22, 2010 at 02:16:58PM +0100, Thomas Biege wrote:
has somebody a pointer to the patches for CVE-2009-3996 and CVE-2009-3995? The last release from upstream was 2+ yrs old. These IDs are from a Secunia advisory about mikmod:
http://secunia.com/secunia_research/2009-55/ Looks like the CVEs need to be updated -- they were assigned only for WinAmp originally: CVE-2009-3995: http://secunia.com/secunia_research/2009-52/ "Impulse Tracker Instrument" http://secunia.com/secunia_research/2009-53/ "Impulse Tracker Sample" CVE-2009-3996: http://secunia.com/secunia_research/2009-56/ "Ultratracker File" Dyon, do you have any reproducers you could share to help distros get libmidmod patched? Thanks, -Kees -- Kees Cook Ubuntu Security Team
Current thread:
- WANTED: mikmod patches Thomas Biege (Feb 22)
- Re: WANTED: mikmod patches Kees Cook (Mar 06)