libopenmpt security update 0.3.6
The OpenMPT/libopenmpt project released the latest stable libopenmpt version:
libopenmpt 0.3.6 (2018-02-03)
-
[Sec] Possible out-of-bounds memory read with malformed STP files. (r9576) (CVE-2018-6611)
-
[Bug] Small memory leak with malformed STP files.
- STM: Accurate emulation of Scream Tracker 2 tempo mode.
- STM: Better support for early format revisions (no such files have been found in the wild, though).
- Fine volume slides are now supported when seeking with seek.sync_samples=1 enabled.
The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.6+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.6+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.6+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The security issue fixed in libopenmpt 0.3 does not affect the earlier libopenmpt 0.2 branch. Thus, the libopenmpt 0.2.9542-beta29, libopenmpt 0.2.7561-beta20.5 and libopenmpt 0.2.7386-beta20.3 lines require no update.
The following libopenmpt versions are currently supported with security fixes by the OpenMPT/libopenmpt project:
- 0.3.6
- Current stable version.
- Receives security updates.
- Receives minor playback fixes.
- 0.2.9542-beta29
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.2.7561-beta20.5-p7
- Older stable version which is supported on Unix-like systems only.
- Receives only security fixes.
- 0.2.7386-beta20.3-p10
- Older stable version which is supported on Unix-like systems only.
- Receives only security fixes.
- 0.4 (SVN trunk)
- development
- security updates
- playback fixes
- new features
- new file formats
Please update to the newest versions.