stable

adplug-2.3.3-1.fc32, audacious-plugins-3.10.1-7.fc32, & 1 more

FEDORA-2021-24ef21134b created by robert 3 years ago for Fedora 32

AdPlug 2.3.3

  • New RAD player replacing the old one
  • Bug fixes: (huge thanks to Alexander Miller for these)
    • CVE-2019-14690 - buffer overflow in .bmf
    • CVE-2019-14691 - buffer overflow in .dtm
    • CVE-2019-14692 - buffer overflow in .mkj
    • CVE-2019-14732 - buffer overflow in .a2m
    • CVE-2019-14733 - buffer overflow in .rad
    • CVE-2019-14734 - buffer overflow in .mtk
    • CVE-2019-15151 - double free and OOB reads in .u6m
    • OOB reads in .xad
    • OOB reads in .rix

AdPlug 2.3.2

  • Bug fixes:
    • FMOPL: Fix global variable pointer double-free (CVE-2018-17825)
    • HERAD: Fix compilation on GCC 4.2.1
    • ADL: Calling rewind() before update() causes access violation
    • Move OPL reset/init code to rewind() for some players

AdPlug 2.3.1

  • Fixed unconditional inclusion of "sys/io.h" on Linux
  • Autotools improvement
    • Non-recursive Automake, improved parallelizability
    • Compatibility fixes for FreeBSD's pmake and OpenBSD's make
    • Out-of-source building

AdPlug 2.3

  • Bug fixes:
    • CMF: Fix uninitialised variable use (thanks binarymaster)
    • CMF: Handle invalid offsets without crashing
    • ROL: Prevent access beyond end of vector
    • MSC: Fix use of uninitialised variable
    • HSC: Handle out of range patterns more gracefully
    • MID: Fix out of range array read
    • LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz
    • RIX: Fix several replay bugs (thanks to Palxex)
    • RIX: Big-endian fix by Wei Mingzhi
    • XAD: Tempo fix
    • Various other out of bounds array fixes, timing fixes, etc.
  • New formats:
    • BMF: Easy AdLib 1.0
    • CMF: SoundFX Macs Opera
    • GOT: God of Thunder
    • HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD)
    • MUS/IMS/MDI: AdLib Visual Composer ROL derivatives
    • SOP: sopepos' Note Player
    • VGM: Video Game Music
  • Allow compilation on platforms that don't support real OPL hardware access
  • Add support for compiling on Appveyor and publishing a NuGet package
  • Add Visual Studio 2015 projects
  • Add support for Travis CI builds
  • Add new CRC16 and CRC32 tests
  • Addition of WoodyOPL from DOSBox SVN (thanks to NY00123)
  • Addition of NukedOPL (thanks to loki666 and nukeykt)
  • Move from SourceForge to GitHub
  • DRO player refactored (thanks to Laurence Myers and William Yates)
  • Add (mono) OPL3 support to the surround/harmonic-effect OPL
  • Fix occasional random noise in right channel when using surround OPL and Satoh synth
  • Add display for ROL comment and instrument names
  • Improve support for different Westwood ADL format versions
  • Improve CMF transpose support (per-channel now)
  • Autotools build environment updated

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-24ef21134b

This update has been submitted for testing by robert.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago

This update can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1743108 CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h
0
0
BZ#1743109 CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h [fedora-all]
0
0
BZ#1770224 CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution
0
0
BZ#1770243 CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution
0
0
BZ#1770257 CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution
0
0
BZ#1778710 CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp
0
0
BZ#1778711 CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp [fedora-all]
0
0
BZ#1778716 CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp
0
0
BZ#1778717 CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp [fedora-all]
0
0
BZ#1778720 CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp
0
0
BZ#1778721 CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp [fedora-all]
0
0

Automated Test Results