Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20100306175053.GD20744@outflux.net>
Date: Sat, 6 Mar 2010 09:50:53 -0800
From: Kees Cook <kees@...ntu.com>
To: oss-security@...ts.openwall.com
Cc: dyon@...coder.com.au
Subject: Re: WANTED: mikmod patches

On Mon, Feb 22, 2010 at 02:16:58PM +0100, Thomas Biege wrote:
> has somebody a pointer to the patches for CVE-2009-3996
> and CVE-2009-3995?
> 
> The last release from upstream was 2+ yrs old.
> 
> These IDs are from a Secunia advisory about mikmod:

http://secunia.com/secunia_research/2009-55/

Looks like the CVEs need to be updated -- they were assigned only for
WinAmp originally:

CVE-2009-3995:
http://secunia.com/secunia_research/2009-52/ "Impulse Tracker Instrument"
http://secunia.com/secunia_research/2009-53/ "Impulse Tracker Sample"

CVE-2009-3996:
http://secunia.com/secunia_research/2009-56/ "Ultratracker File"

Dyon, do you have any reproducers you could share to help distros get
libmidmod patched?

Thanks,

-Kees

-- 
Kees Cook
Ubuntu Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.