DSA-1850-1

Name	DSA-1850-1
Source	Debian
Description	libmodplug - arbitrary code execution
References	CVE-2009-1438, CVE-2009-1513
Debian/oldstable	package libmodplug is fixed in oldstable-security.
Debian/stable	not vulnerable
Debian/testing	not known to be vulnerable
Debian/unstable	not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
libmodplug (PTS)	etch	1:0.7-5.2	vulnerable
	etch (security)	1:0.7-5.2+etch1	fixed
	lenny, lenny (security)	1:0.8.4-1+lenny1	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
libmodplug-dev	etch	1:0.7-5.2	vulnerable	all
	etch (security)	1:0.7-5.2+etch1	fixed	all
	lenny, lenny (security)	1:0.8.4-1+lenny1	fixed	all
libmodplug0c2	etch	1:0.7-5.2	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	1:0.7-5.2+etch1	fixed	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	lenny, lenny (security)	1:0.8.4-1+lenny1	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
libmodplug	source	etch	1:0.7-5.2+etch1	unknown
libmodplug	source	lenny	1:0.8.4-1+lenny1	unknown

Home - Testing Security Team - Debian Security - Imprint