oss-sec mailing list archives

WANTED: mikmod patches


From: Thomas Biege <thomas () suse de>
Date: Mon, 22 Feb 2010 14:16:58 +0100

Hello,
Does somebody have a pointer to the patches for CVE-2009-3996
and CVE-2009-3995?

The last release from upstream was 2+ yrs old.


These IDs are from a Secunia advisory about mikmod:
..
====================================================================== 
3) Vendor's Description of Software 

"Mikmod is a module player and library supporting many formats,
including mod, s3m, it, and xm.".

Product Link:
http://sourceforge.net/projects/mikmod/

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered some vulnerabilities in libmikmod,
which can be exploited by malicious people to potentially compromise a
user's system.

1) Three boundary errors in the Impulse Tracker parser when parsing 
an instrument containing a column, panning, or pitch envelope with 
more than ENVPOINTS (32) points can result in a heap-based buffer 
overflow.

2) A boundary error in the Ultratracker parser when parsing a file 
with more than UF_MAXCHAN (64) channels can result in a heap-based 
buffer overflow.

Successful exploitation may allow arbitrary code execution in the
context of the process using the libmikmod library when opening a
specially crafted module file.




-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
  Whoever stops wanting to become better stops being good.
                            -- Marie von Ebner-Eschenbach
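
The advisory quoted above describes a count taken from the module file being used to fill a fixed-size array. As an added example (not part of the original message and not libmikmod code), this is a loader that validates the count before writing; the on-disk layout, the struct and the function names are assumptions made up for illustration, and only ENVPOINTS (32) comes from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENVPOINTS 32            /* limit named in the advisory */

/* Hypothetical in-memory form of one envelope (not libmikmod's struct). */
typedef struct { uint16_t pos; int8_t val; } env_point;
typedef struct { uint8_t count; env_point pts[ENVPOINTS]; } envelope;

enum { ENV_OK = 0, ENV_TOO_MANY = -1, ENV_TRUNCATED = -2 };

/* Constructed on-disk layout: 1 count byte, then count records of
 * 3 bytes each (int8 value, uint16 little-endian position). */
int load_envelope(const uint8_t *buf, size_t len, envelope *out)
{
    if (len < 1)
        return ENV_TRUNCATED;
    size_t count = buf[0];                 /* untrusted field from the file */
    if (count > ENVPOINTS)                 /* reject before touching pts[] */
        return ENV_TOO_MANY;
    if (len - 1 < count * 3)               /* all records must be present */
        return ENV_TRUNCATED;

    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < count; i++) {
        const uint8_t *rec = buf + 1 + i * 3;
        out->pts[i].val = (int8_t)rec[0];
        out->pts[i].pos = (uint16_t)(rec[1] | (rec[2] << 8));
    }
    out->count = (uint8_t)count;
    return ENV_OK;
}

int main(void)
{
    /* Constructed samples: a valid 2-point envelope and one claiming 40. */
    uint8_t good[] = { 2, 10, 0, 0, 20, 5, 0 };
    uint8_t oversized[1 + 40 * 3] = { 40 };
    envelope e;
    printf("good: %d\n", load_envelope(good, sizeof good, &e));
    printf("oversized: %d\n", load_envelope(oversized, sizeof oversized, &e));
    return 0;
}
```

The Ultratracker case in the advisory calls for the same kind of check on the channel count against UF_MAXCHAN (64).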

