Category Archives: Advisories

libopenmpt-0.7.6-1.el7

Read Time:2 Minute, 18 Second

FEDORA-EPEL-2024-07e8f5f1f0

Packages in this update:

libopenmpt-0.7.6-1.el7

Update description:

libopenmpt 0.7.6 (2024-03-24)

[Sec] Potential heap out-of-bounds read or write past sample end with malformed sustain loops in SymMOD files (r20420).
MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
OKT: Some files with garbage at the end were rejected (e.g. katharsis – piano lesson.okta).
Compressor DMO: It was possible that the plugin would not behave as intended at mix rates above 500 kHz.
Avoid re-allocating the loop state map contents on every playthrough of the module.

libopenmpt 0.7.5 (2024-03-17)

[Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
[Sec] Write buffer overflow when reading unseekable files close to 4GiB in size (r20339).
[Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation (64bit platforms) when reading malformed data from unseekable files (r20340).
[Sec] DMF: Possible null-pointer write or excessive memory allocation when reading DMF files (r20323).
IT: In the previous version, Zxx macros in IT files made with older MPT versions were no longer working.
There was a periodic click when playing a module using the Chorus or Flanger DMO plugin at a mix rate exceeding ~136.5 kHz.
An older bugfix for undefined behaviour in the Distortion DMO plugin was incorrect, causing the distorted sound to be different in some situations.
xmp-openmpt: Metadata retrievel for playlist items was broken.

libopenmpt 0.7.4 (2024-03-03)

[Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten builds.
openmpt123: openmpt123 now uses a narrower layout on terminal windows with a width of less than 72 characters.
Setting all possible load_skip flags resulted in nothing being loaded at all, instead of just not loading the selected module parts.
When playing all subsongs, set_position_seconds didn’t always calculate the correct subsong to jump to.
IT: A few more compatibility flags are now disabled for modules saved with earlier Schism Tracker versions.
IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be compatible with older IT versions (fixes spx-visionsofthepast.it).
OKT: Work around missing negative arpeggio implementation by transposing the notes up an octave.
OKT: Channel volume commands were sometimes lost over less important effects.
IMF: Ignore magic bytes in sample header. “Leaving All Behind” by Karsten Koch uses unexpected magic bytes, Orpheus ignores them just like the instrument header magic bytes.
zlib: Update to v1.3.1 (2024-01-22).
mpg123: Update to v1.32.5 (2024-02-17).
pugixml: Update to v1.14 (2023-10-01).

Read More

libopenmpt-0.7.6-1.el9

Read Time:2 Minute, 18 Second

FEDORA-EPEL-2024-8526776b15

Packages in this update:

libopenmpt-0.7.6-1.el9

Update description:

libopenmpt 0.7.6 (2024-03-24)

[Sec] Potential heap out-of-bounds read or write past sample end with malformed sustain loops in SymMOD files (r20420).
MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
OKT: Some files with garbage at the end were rejected (e.g. katharsis – piano lesson.okta).
Compressor DMO: It was possible that the plugin would not behave as intended at mix rates above 500 kHz.
Avoid re-allocating the loop state map contents on every playthrough of the module.

libopenmpt 0.7.5 (2024-03-17)

[Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit platforms) when reading close to 4GiB of data from unseekable files (r20336, r20338).
[Sec] Write buffer overflow when reading unseekable files close to 4GiB in size (r20339).
[Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation (64bit platforms) when reading malformed data from unseekable files (r20340).
[Sec] DMF: Possible null-pointer write or excessive memory allocation when reading DMF files (r20323).
IT: In the previous version, Zxx macros in IT files made with older MPT versions were no longer working.
There was a periodic click when playing a module using the Chorus or Flanger DMO plugin at a mix rate exceeding ~136.5 kHz.
An older bugfix for undefined behaviour in the Distortion DMO plugin was incorrect, causing the distorted sound to be different in some situations.
xmp-openmpt: Metadata retrievel for playlist items was broken.

libopenmpt 0.7.4 (2024-03-03)

[Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten builds.
openmpt123: openmpt123 now uses a narrower layout on terminal windows with a width of less than 72 characters.
Setting all possible load_skip flags resulted in nothing being loaded at all, instead of just not loading the selected module parts.
When playing all subsongs, set_position_seconds didn’t always calculate the correct subsong to jump to.
IT: A few more compatibility flags are now disabled for modules saved with earlier Schism Tracker versions.
IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be compatible with older IT versions (fixes spx-visionsofthepast.it).
OKT: Work around missing negative arpeggio implementation by transposing the notes up an octave.
OKT: Channel volume commands were sometimes lost over less important effects.
IMF: Ignore magic bytes in sample header. “Leaving All Behind” by Karsten Koch uses unexpected magic bytes, Orpheus ignores them just like the instrument header magic bytes.
zlib: Update to v1.3.1 (2024-01-22).
mpg123: Update to v1.32.5 (2024-02-17).
pugixml: Update to v1.14 (2023-10-01).

Read More

A Vulnerability in XZ Utils Could Allow for Remote Code Execution

Read Time:32 Second

A vulnerability has been discovered in XZ Utils that could allow for remote code execution. XZ is a general-purpose data compression format present in nearly every Linux distribution, both community projects and commercial product distributions. Successful exploitation of this vulnerability could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Read More

cockpit-314-1.fc40

Read Time:16 Second

FEDORA-2024-4e95f130fc

Packages in this update:

cockpit-314-1.fc40

Update description:

Automatic update for cockpit-314-1.fc40.

Changelog for cockpit

* Thu Mar 28 2024 Packit <hello@packit.dev> – 314-1
– Diagnostic reports: Fix command injection vulnerability with crafted report names
– Storage: Improvements to read-only encrypted filesystems

Read More