The upstream ChangeLog for 0.8.9.0, released on April 27, says:
OOB Write and Read fixes + a number of divide by zero fixes.
(ABC, PAT, AMF, MDL, PSM, XM, IT, MMCMP, MID)
Freeze push requested for Cauldron.
Asssigning to the registered maintainer
Sorry for the delay, just pushed libmodplug-0.8.9.0-1.mga5 to core/updates_testing.
Updated libmodplug packages fix security vulnerabilities
libmodplug 0.8.9.0 fixes various out-of-bounds read and write errors as well
as divide-by-zero issues.
RPMs in core/updates_testing:
SRPM in core/updates_testing:
MGA5-32 on Asus A6000VM Xfce
No installation issues.
Looking for what depends on libmodplug I find mpd. A wild guess: playing some music from a USB stick is a test??? Works OK.
vlc-plugins-mod is also listed, and different vlcplugins are called.
Can someone confirm this is OK or put me on the right track.
libmodplug is only used for some formats, like the ones listed in Comment 0, but not for recorded music like mp3 or ogg. You might still be able to find some XM files on the frozen bubble website.
Installed and tested without issues.
Used moc player to test and strace to confirm that libmodplug.so was loaded. ALSA used for audio output.
Music mod files, in various formats (e.g. s3m, xm, mod), used in test were downloaded from
System: Mageia 5, x86_64, Intel CPU, Plasma, nVidia GPU using proprietary driver nvidia340.
$ uname -a
Linux marte 4.4.82-desktop-1.mga5 #1 SMP Sun Aug 13 18:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ grep libmodplug ~/tmp/mocp.strace
open("/lib64/libmodplug.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/moc/decoder_plugins/libmodplug_decoder.la", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/moc/decoder_plugins/libmodplug_decoder.so", O_RDONLY|O_CLOEXEC) = 3
Advisory from Comment 2.
Validating as this is for M5 only, 1 OK suffices.
An update for this issue has been pushed to the Mageia Updates repository.