Mehrere Probleme in ocp
ID: | FEDORA-2021-64168929e4 |
Distribution: | Fedora |
Plattformen: | Fedora 33 |
Datum: | Do, 14. Januar 2021, 08:14 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17825 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14692 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14690 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14734 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15151 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14691 |
Applikationen: | Open Cubic Player |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2021-64168929e4 2021-01-14 01:37:01.292546 -------------------------------------------------------------------------------- Name : ocp Product : Fedora 33 Version : 0.1.22 Release : 0.28.git849cc42.fc33 URL : http://stian.cubic.org/project-ocp.php Summary : Open Cubic Player for MOD/S3M/XM/IT/MIDI music files Description : Open Cubic Player is a music file player ported from DOS that supports Amiga MOD module formats and many variants, such as MTM, STM, 669, S3M, XM, and IT. It is also able to render MIDI files using sound patches and play SID, OGG Vorbis, FLAC, and WAV files. OCP provides a nice text-based interface with several text-based and graphical visualizations. -------------------------------------------------------------------------------- Update Information: AdPlug 2.3.3 ============ - New RAD player replacing the old one - Bug fixes: (huge thanks to Alexander Miller for these) - CVE-2019-14690 - buffer overflow in `.bmf` - CVE-2019-14691 - buffer overflow in `.dtm` - CVE-2019-14692 - buffer overflow in `.mkj` - CVE-2019-14732 - buffer overflow in `.a2m` - CVE-2019-14733 - buffer overflow in `.rad` - CVE-2019-14734 - buffer overflow in `.mtk` - CVE-2019-15151 - double free and OOB reads in `.u6m` - OOB reads in `.xad` - OOB reads in `.rix` AdPlug 2.3.2 ============ - Bug fixes: - FMOPL: Fix global variable pointer double-free (CVE-2018-17825) - HERAD: Fix compilation on GCC 4.2.1 - ADL: Calling `rewind()` before `update()` causes access violation - Move OPL reset/init code to `rewind()` for some players AdPlug 2.3.1 ============ - Fixed unconditional inclusion of "sys/io.h" on Linux - Autotools improvement - Non-recursive Automake, improved parallelizability - Compatibility fixes for FreeBSD's pmake and OpenBSD's make - Out-of-source building AdPlug 2.3 ========== - Bug fixes: - CMF: Fix uninitialised variable use (thanks binarymaster) - CMF: Handle invalid offsets without crashing - ROL: Prevent access beyond end of vector - MSC: Fix use of uninitialised variable - HSC: Handle out of range patterns more gracefully - MID: Fix out of range array read - LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz - RIX: Fix several replay bugs (thanks to Palxex) - RIX: Big-endian fix by Wei Mingzhi - XAD: Tempo fix - Various other out of bounds array fixes, timing fixes, etc. - New formats: - BMF: Easy AdLib 1.0 - CMF: SoundFX Macs Opera - GOT: God of Thunder - HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD) - MUS/IMS/MDI: AdLib Visual Composer ROL derivatives - SOP: sopepos' Note Player - VGM: Video Game Music - Allow compilation on platforms that don't support real OPL hardware access - Add support for compiling on Appveyor and publishing a NuGet package - Add Visual Studio 2015 projects - Add support for Travis CI builds - Add new CRC16 and CRC32 tests - Addition of WoodyOPL from DOSBox SVN (thanks to NY00123) - Addition of NukedOPL (thanks to loki666 and nukeykt) - Move from SourceForge to GitHub - DRO player refactored (thanks to Laurence Myers and William Yates) - Add (mono) OPL3 support to the surround/harmonic-effect OPL - Fix occasional random noise in right channel when using surround OPL and Satoh synth - Add display for ROL comment and instrument names - Improve support for different Westwood ADL format versions - Improve CMF transpose support (per-channel now) - Autotools build environment updated -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 5 2021 Robert Scheck |