[SECURITY] Fedora 15 Update: libmodplug-0.8.8.3-3.fc15
updates at fedoraproject.org
updates at fedoraproject.org
Thu May 19 05:06:14 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-6995
2011-05-14 03:01:33
--------------------------------------------------------------------------------
Name : libmodplug
Product : Fedora 15
Version : 0.8.8.3
Release : 3.fc15
URL : http://modplug-xmms.sourceforge.net/
Summary : Modplug mod music file format library
Description :
Modplug mod music file format library.
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 0.8.8.3 (CVE-2011-1761).
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 10 2011 Ville Skyttä <ville.skytta at iki.fi> - 1:0.8.8.3-3
- Drop dependency on /etc/timidity.cfg, it's not worth the 100MB+ it pulls in.
* Mon May 9 2011 Ville Skyttä <ville.skytta at iki.fi> - 1:0.8.8.3-2
- Don't require /etc/timidity.cfg on EL-6, there is no suitable provider
package available in it at the moment.
* Sun May 8 2011 Ville Skyttä <ville.skytta at iki.fi> - 1:0.8.8.3-1
- Update to 0.8.8.3 (security, CVE-2011-1761).
- Require /etc/timidity.cfg for ABC and MIDI.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #701858 - CVE-2011-1761 libmodplug: stack-based buffer overflow in load_abc.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=701858
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libmodplug' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list