Security update for schismtracker
This update for schismtracker fixes the following issues:
The following security issues were fixed:
- CVE-2019-14523: Fixed an integer underflow in the Amiga Oktalyzer parser (boo#1144266).
- CVE-2019-14524: Fixed a heap overflow in the MTM loader (boo#1144261).
The following non-security issues were fixed:
- Support 15-channel MOD files.
- Support undocumented MIDI macro characters, and support character p (MIDI program) properly.
-
Submitted by
Jan Engelhardt (jengelh)
Fixed bugs
bnc#1144266
VUL-1: CVE-2019-14523: schismtracker: An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.
bnc#1144261
VUL-0: CVE-2019-14524: schismtracker: An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c
