oss-sec mailing list archives

Re: WANTED: mikmod patches

From: Kees Cook <kees () ubuntu com>
Date: Sat, 6 Mar 2010 09:50:53 -0800

On Mon, Feb 22, 2010 at 02:16:58PM +0100, Thomas Biege wrote:

has somebody a pointer to the patches for CVE-2009-3996
and CVE-2009-3995?

The last release from upstream was 2+ yrs old.

These IDs are from a Secunia advisory about mikmod:


http://secunia.com/secunia_research/2009-55/

Looks like the CVEs need to be updated -- they were assigned only for
WinAmp originally:

CVE-2009-3995:
http://secunia.com/secunia_research/2009-52/ "Impulse Tracker Instrument"
http://secunia.com/secunia_research/2009-53/ "Impulse Tracker Sample"

CVE-2009-3996:
http://secunia.com/secunia_research/2009-56/ "Ultratracker File"

Dyon, do you have any reproducers you could share to help distros get
libmidmod patched?

Thanks,

-Kees

-- 
Kees Cook
Ubuntu Security Team

Current thread:

WANTED: mikmod patches Thomas Biege (Feb 22)
- Re: WANTED: mikmod patches Kees Cook (Mar 06)