--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-24ef21134b
2021-01-14 01:42:30.106595
--------------------------------------------------------------------------------
Name : audacious-plugins
Product : Fedora 32
Version : 3.10.1
Release : 7.fc32
URL : http://audacious-media-player.org/
Summary : Plugins for the Audacious audio player
Description :
This package provides essential plugins for the Audacious audio player.
--------------------------------------------------------------------------------
Update Information:

AdPlug 2.3.3
============
- New RAD player replacing the old one
- Bug fixes: (huge thanks to Alexander Miller for these)
  - CVE-2019-14690 - buffer overflow in `.bmf`
  - CVE-2019-14691 - buffer overflow in `.dtm`
  - CVE-2019-14692 - buffer overflow in `.mkj`
  - CVE-2019-14732 - buffer overflow in `.a2m`
  - CVE-2019-14733 - buffer overflow in `.rad`
  - CVE-2019-14734 - buffer overflow in `.mtk`
  - CVE-2019-15151 - double free and OOB reads in `.u6m`
  - OOB reads in `.xad`
  - OOB reads in `.rix`

AdPlug 2.3.2
============
- Bug fixes:
  - FMOPL: Fix global variable pointer double-free (CVE-2018-17825)
  - HERAD: Fix compilation on GCC 4.2.1
  - ADL: Calling `rewind()` before `update()` causes access violation
  - Move OPL reset/init code to `rewind()` for some players

AdPlug 2.3.1
============
- Fixed unconditional inclusion of "sys/io.h" on Linux
- Autotools improvement
- Non-recursive Automake, improved parallelizability
- Compatibility fixes for FreeBSD’s pmake and OpenBSD’s make
- Out-of-source building

AdPlug 2.3
==========
- Bug fixes:
  - CMF: Fix uninitialised variable use (thanks binarymaster)
  - CMF: Handle invalid offsets without crashing
  - ROL: Prevent access beyond end of vector
  - MSC: Fix use of uninitialised variable
  - HSC: Handle out of range patterns more gracefully
  - MID: Fix out of range array read
  - LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz
  - RIX: Fix several replay bugs (thanks to Palxex)
  - RIX: Big-endian fix by Wei Mingzhi
  - XAD: Tempo fix
  - Various other out of bounds array fixes, timing fixes, etc.
- New formats:
  - BMF: Easy AdLib 1.0
  - CMF: SoundFX Macs Opera
  - GOT: God of Thunder
  - HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD)
  - MUS/IMS/MDI: AdLib Visual Composer ROL derivatives
  - SOP: sopepos’ Note Player
  - VGM: Video Game Music
- Allow compilation on platforms that don’t support real OPL hardware access
- Add support for compiling on Appveyor and publishing a NuGet package
- Add Visual Studio 2015 projects
- Add support for Travis CI builds
- Add new CRC16 and CRC32 tests
- Addition of WoodyOPL from DOSBox SVN (thanks to NY00123)
- Addition of NukedOPL (thanks to loki666 and nukeykt)
- Move from SourceForge to GitHub
- DRO player refactored (thanks to Laurence Myers and William Yates)
- Add (mono) OPL3 support to the surround/harmonic-effect OPL
- Fix occasional random noise in right channel when using surround OPL and Satoh synth
- Add display for ROL comment and instrument names
- Improve support for different Westwood ADL format versions
- Improve CMF transpose support (per-channel now)
- Autotools build environment updated
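--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 5 2021 Robert Scheck <robert@fedoraproject.org> - 3.10.1-7
- Rebuilt for adplug 2.3.3
--------------------------------------------------------------------------------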
References:
[ 1 ] Bug #1743108 – CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h
https://bugzilla.redhat.com/show_bug.cgi?id=1743108
[ 2 ] Bug #1770224 – CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1770224
[ 3 ] Bug #1770243 – CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1770243
[ 4 ] Bug #1770257 – CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1770257
[ 5 ] Bug #1778710 – CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1778710
[ 6 ] Bug #1778716 – CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1778716
[ 7 ] Bug #1778720 – CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp
https://bugzilla.redhat.com/show_bug.cgi?id=1778720
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-24ef21134b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-64168929e4
2021-01-14 01:37:01.292546
--------------------------------------------------------------------------------
Name : audacious-plugins
Product : Fedora 33
Version : 4.0.5
Release : 3.fc33
URL : https://audacious-media-player.org/
Summary : Plugins for the Audacious audio player
Description :
This package provides essential plugins for the Audacious audio player.
--------------------------------------------------------------------------------
Update Information:

AdPlug 2.3.3
============
- New RAD player replacing the old one
- Bug fixes: (huge thanks to Alexander Miller for these)
  - CVE-2019-14690 - buffer overflow in `.bmf`
  - CVE-2019-14691 - buffer overflow in `.dtm`
  - CVE-2019-14692 - buffer overflow in `.mkj`
  - CVE-2019-14732 - buffer overflow in `.a2m`
  - CVE-2019-14733 - buffer overflow in `.rad`
  - CVE-2019-14734 - buffer overflow in `.mtk`
  - CVE-2019-15151 - double free and OOB reads in `.u6m`
  - OOB reads in `.xad`
  - OOB reads in `.rix`

AdPlug 2.3.2
============
- Bug fixes:
  - FMOPL: Fix global variable pointer double-free (CVE-2018-17825)
  - HERAD: Fix compilation on GCC 4.2.1
  - ADL: Calling `rewind()` before `update()` causes access violation
  - Move OPL reset/init code to `rewind()` for some players

AdPlug 2.3.1
============
- Fixed unconditional inclusion of "sys/io.h" on Linux
- Autotools improvement
- Non-recursive Automake, improved parallelizability
- Compatibility fixes for FreeBSD’s pmake and OpenBSD’s make
- Out-of-source building

AdPlug 2.3
==========
- Bug fixes:
  - CMF: Fix uninitialised variable use (thanks binarymaster)
  - CMF: Handle invalid offsets without crashing
  - ROL: Prevent access beyond end of vector
  - MSC: Fix use of uninitialised variable
  - HSC: Handle out of range patterns more gracefully
  - MID: Fix out of range array read
  - LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz
  - RIX: Fix several replay bugs (thanks to Palxex)
  - RIX: Big-endian fix by Wei Mingzhi
  - XAD: Tempo fix
  - Various other out of bounds array fixes, timing fixes, etc.
- New formats:
  - BMF: Easy AdLib 1.0
  - CMF: SoundFX Macs Opera
  - GOT: God of Thunder
  - HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD)
  - MUS/IMS/MDI: AdLib Visual Composer ROL derivatives
  - SOP: sopepos’ Note Player
  - VGM: Video Game Music
- Allow compilation on platforms that don’t support real OPL hardware access
- Add support for compiling on Appveyor and publishing a NuGet package
- Add Visual Studio 2015 projects
- Add support for Travis CI builds
- Add new CRC16 and CRC32 tests
- Addition of WoodyOPL from DOSBox SVN (thanks to NY00123)
- Addition of NukedOPL (thanks to loki666 and nukeykt)
- Move from SourceForge to GitHub
- DRO player refactored (thanks to Laurence Myers and William Yates)
- Add (mono) OPL3 support to the surround/harmonic-effect OPL
- Fix occasional random noise in right channel when using surround OPL and Satoh synth
- Add display for ROL comment and instrument names
- Improve support for different Westwood ADL format versions
- Improve CMF transpose support (per-channel now)
- Autotools build environment updated
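--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 5 2021 Robert Scheck <robert@fedoraproject.org> - 4.0.5-3
- Rebuilt for adplug 2.3.3
--------------------------------------------------------------------------------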
References:
[ 1 ] Bug #1743108 – CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h
https://bugzilla.redhat.com/show_bug.cgi?id=1743108
[ 2 ] Bug #1770224 – CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1770224
[ 3 ] Bug #1770243 – CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1770243
[ 4 ] Bug #1770257 – CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1770257
[ 5 ] Bug #1778710 – CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1778710
[ 6 ] Bug #1778716 – CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1778716
[ 7 ] Bug #1778720 – CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp
https://bugzilla.redhat.com/show_bug.cgi?id=1778720
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-64168929e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------