|
|
Log in / Subscribe / Register

Debian alert DLA-1961-1 (milkytracker)



From:
              Utkarsh Gupta <guptautkarsh2102@gmail.com> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 1961-1] milkytracker security update 


Date:
              Mon, 21 Oct 2019 16:14:34 +0200


Message-ID:
              <20191021141434.2djnmcccw2ukbkaw@layer-acht.org>


Package        : milkytracker
Version        : 0.90.85+dfsg-2.2+deb8u1
CVE ID         : CVE-2019-14464 CVE-2019-14496 CVE-2019-14497
Debian Bug     : 933964


Fredric discovered a couple of buffer overflows in MilkyTracker, of which,
a brief description is given below.

CVE-2019-14464

    XMFile::read in XMFile.cpp in milkyplay in MilkyTracker had a heap-based
    buffer overflow.

CVE-2019-14496

    LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker had a
    stack-based buffer overflow.

CVE-2019-14497

    ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker
    had a heap-based buffer overflow.


For Debian 8 "Jessie", these problems have been fixed in version
0.90.85+dfsg-2.2+deb8u1.

We recommend that you upgrade your milkytracker packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds