Date: Sat, 6 Mar 2010 09:50:53 -0800 From: Kees Cook <kees@...ntu.com> To: oss-security@...ts.openwall.com Cc: dyon@...coder.com.au Subject: Re: WANTED: mikmod patches On Mon, Feb 22, 2010 at 02:16:58PM +0100, Thomas Biege wrote: > has somebody a pointer to the patches for CVE-2009-3996 > and CVE-2009-3995? > > The last release from upstream was 2+ yrs old. > > These IDs are from a Secunia advisory about mikmod: http://secunia.com/secunia_research/2009-55/ Looks like the CVEs need to be updated -- they were assigned only for WinAmp originally: CVE-2009-3995: http://secunia.com/secunia_research/2009-52/ "Impulse Tracker Instrument" http://secunia.com/secunia_research/2009-53/ "Impulse Tracker Sample" CVE-2009-3996: http://secunia.com/secunia_research/2009-56/ "Ultratracker File" Dyon, do you have any reproducers you could share to help distros get libmidmod patched? Thanks, -Kees -- Kees Cook Ubuntu Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.