libopenmpt security updates 0.5.11, 0.4.23, 0.3.32
The OpenMPT/libopenmpt project released the latest stable libopenmpt version:
libopenmpt 0.5.11 (2021-08-22)
- [Sec] Possible crash with malformed modules when trying to access non-existent plugin slots FX251-FX255. (r15479, r15518)
- [Sec] Possible read beyond sample start after swapping to a sample with loop points set but not loop enabled. (r15499)
- [Sec] Fixed various possible crashes with malformed MMCMP files. (r15504, 15528)
-
[Sec] MED: Possible read past end of sequence name (stack-allocated, so relatively unlikely to result in a crash). (r15477)
- Fixed excessive memory usage with files claiming to have an extremely high rows per beat count while also using tempo swing. Maximum rows per beat are now limited to 65536.
-
STP: Avoid creating thousands of patterns when loading malformed files even though no more pattern data can be read.
- mpg123: Update to v1.28.2 (2021-07-12).
- stb_vorbis: Update v1.22 commit 5a0bb8b1c1b1ca3f4e2485f4114c1c8ea021b781 (2021-07-12).
The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.11+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.11+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.11+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The OpenMPT/libopenmpt project also released an update to the old libopenmpt 0.4 stable branch:
libopenmpt 0.4.23 (2021-08-22)
- [Sec] Possible crash with malformed modules when trying to access non-existent plugin slots FX251-FX255. (r15480, r15519, r15521)
- [Sec] Possible read beyond sample start after swapping to a sample with loop points set but not loop enabled. (r15500)
- [Sec] Fixed various possible crashes with malformed MMCMP files. (r15505, 15529)
-
[Sec] MED: Possible read past end of file buffer by up to 3 bytes (r15507, 15509)
- Fixed excessive memory usage with files claiming to have an extremely high rows per beat count while also using tempo swing. Maximum rows per beat are now limited to 65536.
-
STP: Avoid creating thousands of patterns when loading malformed files even though no more pattern data can be read.
- mpg123: Update to v1.28.2 (2021-07-12).
- stb_vorbis: Update v1.22 commit 5a0bb8b1c1b1ca3f4e2485f4114c1c8ea021b781 (2021-07-12).
The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.23+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.23+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.23+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The OpenMPT/libopenmpt project also released an update to the old libopenmpt 0.3 stable branch:
libopenmpt 0.3.32 (2021-08-22)
- [Sec] Possible crash with malformed modules when trying to access non-existent plugin slots FX251-FX255. (r15481, r15520, r15522)
- [Sec] Possible read beyond sample start after swapping to a sample with loop points set but not loop enabled. (r15501)
- [Sec] Fixed various possible crashes with malformed MMCMP files. (r15506, 15530)
-
[Sec] MED: Possible read past end of file buffer by up to 3 bytes (r15508, 15510)
- Fixed excessive memory usage with files claiming to have an extremely high rows per beat count while also using tempo swing. Maximum rows per beat are now limited to 65536.
-
STP: Avoid creating thousands of patterns when loading malformed files even though no more pattern data can be read.
- mpg123: Update to v1.28.2 (2021-07-12).
- stb_vorbis: Update v1.22 commit 5a0bb8b1c1b1ca3f4e2485f4114c1c8ea021b781 (2021-07-12).
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.32+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.32+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.32+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The following libopenmpt versions are currently supported with security fixes by the OpenMPT/libopenmpt project:
- 0.5.11
- Current stable version.
- Receives security updates.
- Receives minor playback fixes.
- 0.4.23
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.3.32
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.6 (SVN trunk)
- development
- security updates
- playback fixes
- new features
- new file formats
Please update to the newest versions.