-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Jul 2020 10:37:55 +0300 Source: milkytracker Binary: milkytracker Architecture: source Version: 0.90.86+dfsg-2+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Multimedia Team <pkg-multimedia-maintainers@lists.alioth.debian.org> Changed-By: Adrian Bunk <bunk@debian.org> Description: milkytracker - music creation tool inspired by Fast Tracker 2 Changes: milkytracker (0.90.86+dfsg-2+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-14464: Heap-based buffer overflow in XMFile::read * CVE-2019-14496: Stack-based buffer overflow in LoaderXM::load * CVE-2019-14497: Heap-based buffer overflow in ModuleEditor::convertInstrument * CVE-2020-15569: Use-after-free in the PlayerGeneric destructor Checksums-Sha1: 9e0e9b36432a859568e56b910a051c79ad125e24 2235 milkytracker_0.90.86+dfsg-2+deb9u1.dsc 707519ca718aaf5934b83226fa516422cd4df00b 1598344 milkytracker_0.90.86+dfsg.orig.tar.bz2 74084ac3de437b5e3550af82ed65451cc9876f8f 13156 milkytracker_0.90.86+dfsg-2+deb9u1.debian.tar.xz Checksums-Sha256: 64e754eefc1d591dc006c8d72556bcb59fdaf96b851536fefacd8a4e58506289 2235 milkytracker_0.90.86+dfsg-2+deb9u1.dsc e1c5b071b6a944e85b3c3114a6f05b5bba4584d77522914644738c8fadc62d8d 1598344 milkytracker_0.90.86+dfsg.orig.tar.bz2 8437304f06ee983a50d6966734225cefd9b9a2ec2883a39b8317460bac351a08 13156 milkytracker_0.90.86+dfsg-2+deb9u1.debian.tar.xz Files: a0d98dda41777b29cd7b9fce81935cf6 2235 sound optional milkytracker_0.90.86+dfsg-2+deb9u1.dsc 25adb6caa64565299979269c00aeba68 1598344 sound optional milkytracker_0.90.86+dfsg.orig.tar.bz2 c27011aea19d2652245bda2bf4766e81 13156 sound optional milkytracker_0.90.86+dfsg-2+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl8e1C8ACgkQiNJCh6LY mLHLoRAAyZlaoVmFMBlhxu6fi0eDKYIEPB9MhAOhMjkqhQNCBzsxzjEUG/bJ2GJD WwiDygW5pha9h3TodV38uX6FOi4ndYL8nkQUCjhn87G2cs/jLBvWzgabAaelVJeF 1RxJeD9mqSa+uQ2+lJTWIJzpFdKN1duPF6XT0BZrYjuT5Za1395GZ8HBWtJTNSS8 k+0fzXhT4/tM6A++OngT1q7VdoOOKpQmJS5Fb9sDe+t3uuQMwScN+/fMIr60yHi9 wZAWUorbGe3b6pLVZsMiRFJhJrJ3BZDj4XwCzdRV8nC/urfNTOpPJvXJjmXsg1ox 3k50WwCmldTRnf+fjV+LYhe4yF0KTMYFDJaMmEfkaMx0u2tiioj/axbse+1nEs67 ywkT46ZpmQXjKZY4dJL1VK0Ezx+sCCHDVCmf6jJd1PIL17YNwGd2HMYbqV8BdKaI Hk8HrTf0fj1MmFZWMNLJEF6X832FwmGtEwWqDHPOBBZjEzGat0HYrw2iSWaqM3Qh UvJb17x4/kQPkOqoL/qTXSuYiPthuamNGcxG6trI51D5HMruFqrZmLfmz/01vuZ3 1ZJAZzUEP2wo/tpbg0tI+IbRjZOtNT9Hx2sZDw6JksgGPrxa/mtZFwNPYgIKfR2N JdPi7URaGVmG2M1nlcgkXhux0s7Khz6xl0w23qEhhTSbkqIH788= =h+bw -----END PGP SIGNATURE-----