Acknowledgement sent to Brandon <winterknight@nerdshack.com>:
New Bug report received and forwarded. Copy sent to Ingo Saitz <ingo@debian.org>.
(full text, mbox, link).
Package: libmikmod2
Version: 3.1.11-a-6
Severity: important
Tags: patch
There is bug in mikmod that causes an app to segfault or abort when
loading multiple music files with varying number of channels. This is
the same bug that I reported, and fixed, almost a year ago in
SDL-mixer, which until recently used an internal version of a slightly
older libmikmod. Here is the (now archived) bug report:
http://bugs.debian.org/422021
Previously, I believed that the latest version of libmikmod, which
Debian uses, was unaffected by this bug. I had done some preliminary,
non-conclusive tests in this regard. I was wrong. Libmikmod is indeed
affected.
I created and tested a patch for libmikmod, which fixes this bug, and
have included it with this report. Upstream SDL-mixer has incorporated
my patch in their latest svn. Debian SDL-mixer had been using my patch,
but re-broke when they decided to dynamically link against libmikmod
rather than use the SDL-mixer internal version (ironically, at my
suggestion). When you patch libmikmod, Debian and it's derivitaves will
no longer suffer from this bug (hopefully). It appears upstream is once
again being maintained, so hopefully this bug will one day soon be put
down once and for all.
-Brandon
Blocking bugs of 510675 added: 461519
Request was from Decklin Foster <decklin@red-bean.com>
to control@bugs.debian.org.
(Sun, 04 Jan 2009 17:33:12 GMT) (full text, mbox, link).
Severity set to `critical' from `important'
Request was from Max Kellermann <max@duempel.org>
to control@bugs.debian.org.
(Tue, 13 Jan 2009 09:03:02 GMT) (full text, mbox, link).
Tags added: security
Request was from Max Kellermann <max@duempel.org>
to control@bugs.debian.org.
(Tue, 13 Jan 2009 09:03:04 GMT) (full text, mbox, link).
Severity set to `grave' from `critical'
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 15 Jan 2009 10:54:12 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Ingo Saitz <ingo@debian.org>: Bug#461519; Package libmikmod2.
(Tue, 03 Feb 2009 20:45:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Ingo Saitz <ingo@debian.org>.
(Tue, 03 Feb 2009 20:45:19 GMT) (full text, mbox, link).
Hi,
Ingo, what is the status of this? It would be nice to get
this fixed for lenny.
Did you check back with upstream?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded
to debian-bugs-dist@lists.debian.org, Ingo Saitz <ingo@debian.org>: Bug#461519; Package libmikmod2.
(Wed, 05 Aug 2009 10:27:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Ingo Saitz <ingo@debian.org>.
(Wed, 05 Aug 2009 10:27:05 GMT) (full text, mbox, link).
Subject: Bug#461519: fixed in libmikmod 3.1.11-6.1
Date: Sun, 09 Aug 2009 18:17:39 +0000
Source: libmikmod
Source-Version: 3.1.11-6.1
We believe that the bug you reported is fixed in the latest version of
libmikmod, which is due to be installed in the Debian FTP archive:
libmikmod2-dev_3.1.11-a-6.1_amd64.deb
to pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.1_amd64.deb
libmikmod2_3.1.11-a-6.1_amd64.deb
to pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6.1_amd64.deb
libmikmod_3.1.11-6.1.diff.gz
to pool/main/libm/libmikmod/libmikmod_3.1.11-6.1.diff.gz
libmikmod_3.1.11-6.1.dsc
to pool/main/libm/libmikmod/libmikmod_3.1.11-6.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 461519@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuseppe@iuculano.it> (supplier of updated libmikmod package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 05 Aug 2009 11:50:25 +0200
Source: libmikmod
Binary: libmikmod2-dev libmikmod2
Architecture: source amd64
Version: 3.1.11-6.1
Distribution: unstable
Urgency: high
Maintainer: Ingo Saitz <ingo@debian.org>
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description:
libmikmod2 - A portable sound library
libmikmod2-dev - A portable sound library - development files
Closes: 461519476339
Changes:
libmikmod (3.1.11-6.1) unstable; urgency=high
.
* Non-maintainer upload.
* debian/patches/CVE-2007-6720.patch: Fixed application crash or abort when
loading/playing multiple music files with varying number of channels.
(CVE-2007-6720) (Closes: #461519)
* debian/patches/CVE-2009-0179.patch: Fixed application crash when loading XM
files. (CVE-2009-0179) (Closes: #476339)
Checksums-Sha1:
ddbc4e2401988174c0779bf921a2ed6f1baf74ff 1017 libmikmod_3.1.11-6.1.dsc
d15b768244d3bbbcbd6340e6d29877ea8a4afab1 336868 libmikmod_3.1.11-6.1.diff.gz
4cce0e6491ca5123c747e3edd38cbe0005caf034 262980 libmikmod2-dev_3.1.11-a-6.1_amd64.deb
afb266ec91821cffd37ad227f8c94bd03240c530 154574 libmikmod2_3.1.11-a-6.1_amd64.deb
Checksums-Sha256:
9321127347bd2ebf9429700cabe5945d7ecd77fc5cfdaf95f72c0fcb6d4d4eca 1017 libmikmod_3.1.11-6.1.dsc
440bd0ba9f53e3c24cec2038213d8a96f6636cb0f7be83f81de2ac024ee8cb10 336868 libmikmod_3.1.11-6.1.diff.gz
3eba29c2aa5aad6beb2ec1937c9c8aaadc9aa6cd8d47e234541d9d9d1cb8363b 262980 libmikmod2-dev_3.1.11-a-6.1_amd64.deb
b09a83d776ddea303ea244c22efb93aaab42f69aec6177b5d62676c129f8c9fc 154574 libmikmod2_3.1.11-a-6.1_amd64.deb
Files:
7a30b862ae1283c62ff156020679806d 1017 libs optional libmikmod_3.1.11-6.1.dsc
24558c996f0da36bc87c3ea565599059 336868 libs optional libmikmod_3.1.11-6.1.diff.gz
94c9473e9fa05bef5988826bd1afeb9b 262980 libdevel optional libmikmod2-dev_3.1.11-a-6.1_amd64.deb
849fa2f5fd54a012a2c00c2dc97c3c43 154574 libs optional libmikmod2_3.1.11-a-6.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkp/DZkACgkQHYflSXNkfP/HdACdF1/VP1BUGXzIwVP6VJIwh66H
MKUAn0nPyqUfZ9i7N7ULoEqNQ1xbLMD9
=Iu4S
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 11 Sep 2009 07:45:21 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.