Overview

File _patchinfo of Package patchinfo.10937

<patchinfo incident="10937">
  <issue tracker="cve" id="2019-14524"/>
  <issue tracker="cve" id="2019-14523"/>
  <issue tracker="bnc" id="1144266">VUL-1: CVE-2019-14523: schismtracker: An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.</issue>
  <issue tracker="bnc" id="1144261">VUL-0: CVE-2019-14524: schismtracker: An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c</issue>
  <packager>jengelh</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for schismtracker</summary>
  <description>This update for schismtracker fixes the following issues:

The following security issues were fixed:

- CVE-2019-14523: Fixed an integer underflow in the Amiga Oktalyzer parser (boo#1144266).
- CVE-2019-14524: Fixed a heap overflow in the MTM loader (boo#1144261).

The following non-security issues were fixed:

- Support 15-channel MOD files.
- Support undocumented MIDI macro characters, and support character p (MIDI program) properly.

This update was imported from the openSUSE:Leap:15.0:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places