+++ This bug was initially created as a clone of Bug #159290 +++ Back in June 2003, the Debian package owner for mikmod found a security flaw. Unfortunately it doesn't look like this got shared with vendors (I see nothing in vendor-sec archives), and we didn't update for this minor flaw. An attacker could create a malicious archive and if you can convince a victim to open that archive using mikmod you could overflow a buffer and execute code. Fix from Gentoo CVS: http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/media-sound/mikmod/files/mikmod-3.1.6-security.patch?rev=1.1&content-type=text/plain This issue affects FC4 (as of FC4-re0530.1) and FC3
Martin, Has this update made it into FC4?
Update for FC4 is done (ID's 405).