diff -Naurp libmikmod-3.1.11/loaders/load_it.c libmikmod-3.1.11.oden/loaders/load_it.c
--- libmikmod-3.1.11/loaders/load_it.c 2010-08-12 12:32:25.000000000 -0400
+++ libmikmod-3.1.11.oden/loaders/load_it.c 2010-08-12 12:32:51.000000000 -0400
@@ -862,6 +862,10 @@ BOOL IT_Load(BOOL curious)
 #endif
 IT_ProcessEnvelope(vol);
+ /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */
+ if (ih.volpts>= ENVPOINTS)
+ ih.volpts = ENVPOINTS-1;
+
 for(u=0;u<ih.volpts;u++)
 d->volenv[u].val=(ih.volnode[u]<<2);
diff -Naurp libmikmod-3.1.11/loaders/load_ult.c libmikmod-3.1.11.oden/loaders/load_ult.c
--- libmikmod-3.1.11/loaders/load_ult.c 2010-08-12 12:32:25.000000000 -0400
+++ libmikmod-3.1.11.oden/loaders/load_ult.c 2010-08-12 12:32:51.000000000 -0400
@@ -224,6 +224,9 @@ BOOL ULT_Load(BOOL curious)
 for(u=0;u<of.numchn;u++)
 for(t=0;t<of.numpat;t++)
 of.patterns[(t*of.numchn)+u]=tracks++;
+ /* fix for CVE-2009-3996 - snatched from SuSe's fix -- AW */
+ if (of.numchn>=UF_MAXCHAN)
+ of.numchn=UF_MAXCHAN - 1;
 /* read pan position table for v1.5 and higher */
 if(mh.id[14]>='3') {
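Review bot: In the load_it.c hunk the clamp on `ih.volpts` sits after `IT_ProcessEnvelope(vol);`, so whatever that macro does with `ih.volpts` still sees the unchecked header value. The macro body is outside the hunk, but if it copies the count or indexes the envelope arrays by it, the out-of-bounds access this fix targets stays reachable there. Moving `if (ih.volpts>= ENVPOINTS)` / `ih.volpts = ENVPOINTS-1;` above the `IT_ProcessEnvelope(vol);` call would cover both uses. Only the volume envelope is clamped here; any other envelope point counts handled the same way further down in IT_Load (not visible in the hunk) would need the same check. Clamping to `ENVPOINTS-1` rather than `ENVPOINTS` also drops a point from a file that uses exactly `ENVPOINTS` points, which is worth confirming against the array sizes.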
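Review bot: In the load_ult.c hunk the clamp on `of.numchn` comes after the loop that fills `of.patterns[(t*of.numchn)+u]`, so that loop has already run with the unchecked channel count as both its bound and its stride. After the clamp, `of.numchn` no longer matches the layout the pattern table was filled with, which later readers of `of.patterns` may trip over. The check belongs where `of.numchn` is first set from the header (outside this hunk), preferably failing the load rather than silently truncating. At minimum, move `if (of.numchn>=UF_MAXCHAN)` / `of.numchn=UF_MAXCHAN - 1;` above the `for(u=0;u<of.numchn;u++)` loop. ULT_Load's body starts before and continues after the hunk, so the allocation sized from `of.numchn` should be checked as well.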