libopenmpt security update 0.4.5
The OpenMPT/libopenmpt project released the latest stable libopenmpt version:
libopenmpt 0.4.5 (2019-05-27)
-
[Sec] Possible crash during playback due out-of-bounds read in XM and MT2 files (r11608). (CVE-2019-14380)
- Breaking out of a sustain loop through Note-Off sometimes didn’t continue in the regular sample loop.
- Seeking did not stop notes playing with XM Key Off (Kxx) effect.
The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.5+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.5+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.5+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The security issue fixed in libopenmpt 0.4 does not affect the earlier libopenmpt 0.3 and 0.2 branches. Thus, the libopenmpt 0.3.15, libopenmpt 0.2.11253-beta37, libopenmpt 0.2.7561-beta20.5 and libopenmpt 0.2.7386-beta20.3 lines require no update.
The following libopenmpt versions are currently supported with security fixes by the OpenMPT/libopenmpt project:
- 0.4.5
- Current stable version.
- Receives security updates.
- Receives minor playback fixes.
- 0.3.16
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.2.11539-beta38
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.2.7561-beta20.5-p13
- Older stable version which is supported on Unix-like systems only.
- Receives only security fixes.
- 0.2.7386-beta20.3-p16
- Older stable version which is supported on Unix-like systems only.
- Receives only security fixes.
- 0.5 (SVN trunk)
- development
- security updates
- playback fixes
- new features
- new file formats
Please update to the newest versions.