fedora-security/extras-errata/errata FEDORA-EXTRAS-2006-003, 1.2, 1.3

Ville Skytta (scop) fedora-extras-commits at redhat.com
Mon Jul 31 19:09:11 UTC 2006


Author: scop

Update of /cvs/fedora/fedora-security/extras-errata/errata
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13378

Modified Files:
	FEDORA-EXTRAS-2006-003 
Log Message:
Update from Hans.


Index: FEDORA-EXTRAS-2006-003
===================================================================
RCS file: /cvs/fedora/fedora-security/extras-errata/errata/FEDORA-EXTRAS-2006-003,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- FEDORA-EXTRAS-2006-003	28 Jul 2006 16:11:36 -0000	1.2
+++ FEDORA-EXTRAS-2006-003	31 Jul 2006 19:09:09 -0000	1.3
@@ -2,19 +2,30 @@
 Fedora Update Notification
 FEDORA-EXTRAS-2006-003
 ---------------------------------------------------------------------
-Product:    Fedora Extras [4 5]
+Product:    Fedora Extras [5 devel]
 Name:       dumb
-Version:    
-Release:    
-Summary:    
+Version:    0.9.3
+Release:    4
+Summary:    IT, XM, S3M and MOD player library
 Description:
-
+IT, XM, S3M and MOD player library. Mainly targeted for use with the
+allegro game programming library, but it can be used without allegro.
+Faithful to the original trackers, especially IT.
 ---------------------------------------------------------------------
 Update Information:
 
 CVE ID: CVE-2006-3668
 
-<Fill me in>
+Luigi Auriemma discovered that DUMB, a tracker music library, performs
+insufficient sanitising of values parsed from IT music files. This could
+result in a heap-based buffer overflow in the it_read_envelope function
+in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and
+current CVS as of 20060716, including libdumb, allows user-complicit
+attackers to execute arbitrary code via a ".it" (Impulse Tracker) file
+with an envelope with a large number of nodes.
+
+Fedora Extras versions 0.9.3-3 and earlier are vulnerable to this
+upgrade to 0.9.3-4 to fix this vulnerability.
 
 ---------------------------------------------------------------------
 This update can be installed with the 'yum' update program.  Use 'yum
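Review bot: The new Update Information paragraph runs two sentences together: in the added lines from "This could result in a heap-based buffer overflow in the it_read_envelope function" through "allows user-complicit attackers to execute arbitrary code", the verb "allows" has no subject. Suggest ending the first sentence after "it_read_envelope function" and starting a second one for the affected versions (0.9.3 and earlier, CVS as of 20060716) and the impact of a ".it" file with an envelope with a large number of nodes. The closing sentence, "are vulnerable to this upgrade to 0.9.3-4", is missing a break between "this" and "upgrade", so it reads as if packages are vulnerable to the upgrade itself; something like "are vulnerable to this; upgrade to 0.9.3-4 to fix it" would be unambiguous. Separately, the Product line changes from "[4 5]" to "[5 devel]" while the text does not say whether Fedora Extras 4 is affected or will receive a fix; a sentence covering that would help readers still on FE4.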



