Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Whoops, hit enter too soon. Ah well. This is mainly a tracker bug, since I (the reporter) am also the maintainer. The subject says most: a security vulnerability in dumb has been found and categorized as CVE-2006-3668.

Description from CVE: Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier, and current CVS as of 20060716, allows user-complicit attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.

Description from DSA: Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files, which might lead to a buffer overflow and execution of arbitrary code if manipulated files are read.

Debian has a fix, I'm currently test building a new version with this fix.
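The kind of check the CVE and DSA descriptions above call for, as an added example (not DUMB's code and not the Debian patch): a node count read from the file is bounded before it is used to index fixed-size arrays. The 82-byte record layout and the 25-node limit are assumptions taken from the Impulse Tracker format description, and all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENV_MAX_NODES 25 /* assumed IT limit: 25 nodes per envelope */
#define ENV_DISK_SIZE 82 /* assumed layout: 6 header + 25*3 node + 1 pad bytes */

struct envelope {
    uint8_t flags, n_nodes, loop_start, loop_end, sus_start, sus_end;
    int8_t node_y[ENV_MAX_NODES];
    uint16_t node_t[ENV_MAX_NODES];
};

/* Parse one on-disk envelope record; 0 on success, -1 if rejected. */
int read_envelope(const uint8_t *buf, size_t len, struct envelope *env)
{
    if (len < ENV_DISK_SIZE)
        return -1; /* truncated record */
    /* buf[1] is the file-controlled node count: bound it before it is used. */
    if (buf[1] > ENV_MAX_NODES)
        return -1;
    memset(env, 0, sizeof *env);
    env->flags = buf[0];
    env->n_nodes = buf[1];
    env->loop_start = buf[2];
    env->loop_end = buf[3];
    env->sus_start = buf[4];
    env->sus_end = buf[5];
    for (int i = 0; i < env->n_nodes; i++) {
        const uint8_t *p = buf + 6 + 3 * i; /* 1 byte value, 2 bytes tick (LE) */
        env->node_y[i] = (int8_t)p[0];
        env->node_t[i] = (uint16_t)(p[1] | (p[2] << 8));
    }
    return 0;
}

/* Constructed sample: a zeroed record that claims n_nodes nodes. */
int demo_parse(uint8_t n_nodes, size_t len)
{
    uint8_t rec[ENV_DISK_SIZE] = {0};
    struct envelope env;
    rec[1] = n_nodes;
    return read_envelope(rec, len, &env);
}

int main(void)
{
    printf("%d %d %d\n", demo_parse(25, 82), demo_parse(26, 82), demo_parse(2, 10));
    return 0;
}
```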
Version 0.9.3-4 which fixes this has been built for FC-5 and devel and should show up on a mirror near you soon.
In the future please make sure the application name appears in the summary title. Thank you, -Jim P.