Hello community,
here is the log from the commit of package libmikmod for openSUSE:Factory
checked in at Wed Apr 21 18:35:55 CEST 2010.
--------
--- libmikmod/libmikmod.changes 2009-12-21 16:02:00.000000000 +0100
+++ libmikmod/libmikmod.changes 2010-04-21 15:13:36.000000000 +0200
@@ -1,0 +2,5 @@
+Wed Apr 21 15:03:19 CEST 2010 - prusnak@suse.cz
+
+- fixed CVE-2009-3995 and CVE-2009-3996 [bnc#577875]
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
libmikmod-3.1.12-CVE-2009-3995,3996.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libmikmod.spec ++++++
--- /var/tmp/diff_new_pack.VYJAvi/_old 2010-04-21 18:35:41.000000000 +0200
+++ /var/tmp/diff_new_pack.VYJAvi/_new 2010-04-21 18:35:41.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libmikmod (Version 3.1.12)
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
Group: System/Libraries
Summary: MikMod Sound Library
Version: 3.1.12
-Release: 1
+Release: 2
# bug437293
%ifarch ppc64
Obsoletes: libmikmod-64bit
@@ -42,6 +42,7 @@
Patch5: %{name}-3.1.12-conftest_fix.diff
Patch6: %{name}-3.1.12-exitcrash-fix.diff
Patch7: %{name}-3.1.12-loopingvolume-fix.diff
+Patch8: %{name}-3.1.12-CVE-2009-3995,3996.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -87,6 +88,7 @@
%patch5
%patch6 -p1
%patch7 -p1
+%patch8
%build
autoreconf -f -i
++++++ libmikmod-3.1.12-CVE-2009-3995,3996.diff ++++++
Index: loaders/load_it.c
===================================================================
--- loaders/load_it.c.orig
+++ loaders/load_it.c
@@ -862,6 +862,11 @@ BOOL IT_Load(BOOL curious)
#endif
IT_ProcessEnvelope(vol);
+
+ // Secunia SA37775
+ if (ih.volpts>= ENVPOINTS)
+ ih.volpts = ENVPOINTS-1;
+
for(u=0;u