Hello community,
here is the log from the commit of package libmikmod for openSUSE:Factory
checked in at Fri Apr 23 01:43:43 CEST 2010.
--------
--- libmikmod/libmikmod.changes 2010-04-21 15:13:36.000000000 +0200
+++ /mounts/work_src_done/STABLE/libmikmod/libmikmod.changes 2010-04-23 01:30:17.533512000 +0200
@@ -1,0 +2,5 @@
+Fri Apr 23 01:29:56 CEST 2010 - prusnak@suse.cz
+
+- fix CVE-2009-3995,3996
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libmikmod.spec ++++++
--- /var/tmp/diff_new_pack.QOb9fU/_old 2010-04-23 01:43:21.000000000 +0200
+++ /var/tmp/diff_new_pack.QOb9fU/_new 2010-04-23 01:43:21.000000000 +0200
@@ -25,7 +25,7 @@
Group: System/Libraries
Summary: MikMod Sound Library
Version: 3.1.12
-Release: 2
+Release: 3
# bug437293
%ifarch ppc64
Obsoletes: libmikmod-64bit
++++++ libmikmod-3.1.12-CVE-2009-3995,3996.diff ++++++
--- /var/tmp/diff_new_pack.QOb9fU/_old 2010-04-23 01:43:21.000000000 +0200
+++ /var/tmp/diff_new_pack.QOb9fU/_new 2010-04-23 01:43:21.000000000 +0200
@@ -2,18 +2,24 @@
===================================================================
--- loaders/load_it.c.orig
+++ loaders/load_it.c
-@@ -862,6 +862,11 @@ BOOL IT_Load(BOOL curious)
- #endif
-
- IT_ProcessEnvelope(vol);
-+
-+ // Secunia SA37775
-+ if (ih.volpts>= ENVPOINTS)
-+ ih.volpts = ENVPOINTS-1;
-+
- for(u=0;u