diff -Naurp libmikmod-3.1.11/loaders/load_it.c libmikmod-3.1.11.oden/loaders/load_it.c
--- libmikmod-3.1.11/loaders/load_it.c 2010-08-12 12:32:25.000000000 -0400
+++ libmikmod-3.1.11.oden/loaders/load_it.c 2010-08-12 12:32:51.000000000 -0400
@@ -862,6 +862,10 @@ BOOL IT_Load(BOOL curious)
#endif
IT_ProcessEnvelope(vol);
+ /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */
+ if (ih.volpts>= ENVPOINTS)
+ ih.volpts = ENVPOINTS-1;
+
for(u=0;u<ih.volpts;u++)
d->volenv[u].val=(ih.volnode[u]<<2);
diff -Naurp libmikmod-3.1.11/loaders/load_ult.c libmikmod-3.1.11.oden/loaders/load_ult.c
--- libmikmod-3.1.11/loaders/load_ult.c 2010-08-12 12:32:25.000000000 -0400
+++ libmikmod-3.1.11.oden/loaders/load_ult.c 2010-08-12 12:32:51.000000000 -0400
@@ -224,6 +224,9 @@ BOOL ULT_Load(BOOL curious)
for(u=0;u<of.numchn;u++)
for(t=0;t<of.numpat;t++)
of.patterns[(t*of.numchn)+u]=tracks++;
+ /* fix for CVE-2009-3996 - snatched from SuSe's fix -- AW */
+ if (of.numchn>=UF_MAXCHAN)
+ of.numchn=UF_MAXCHAN - 1;
/* read pan position table for v1.5 and higher */
if(mh.id[14]>='3') {
distrib
>
Mandriva
>
2010.1
>
x86_64
>
media
>
main-updates-src
>
by-pkgid
>
397764f175378802720d3d96747d68ed
>
files
>
3
