-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-7135 2013-05-01 03:03:09 --------------------------------------------------------------------------------
Name : xmp Product : Fedora 18 Version : 3.5.0 Release : 3.fc18 URL : http://xmp.sourceforge.net/ Summary : A multi-format module player Description : The Extended Module Player is a modplayer for Unix-like systems that plays over 80 mainstream and obscure module formats from Amiga, Atari, Acorn, Apple IIgs and PC, including Protracker (MOD), Scream Tracker 3 (S3M), Fast Tracker II (XM) and Impulse Tracker (IT) files.
-------------------------------------------------------------------------------- Update Information:
This update fixes heap-based buffer overflow when processing certain MASI files. -------------------------------------------------------------------------------- ChangeLog:
* Sun Apr 28 2013 Dominik Mierzejewski rpm@greysector.net - 3.5.0-3 - fix build against audacious 3.4 (empty pkg-config --cflags is not an error) - backport fix for CVE-2013-1890 (rhbz #954658) * Fri Feb 15 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Sep 5 2012 Dominik Mierzejewski rpm@greysector.net - 3.5.0-1 - updated to 3.5.0 - rebased 3.3 API patch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #954658 - CVE-2013-1980 xmp: Heap-based buffer overflow by processing certain MASI files https://bugzilla.redhat.com/show_bug.cgi?id=954658 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update xmp' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org