[packman] MPlayer Severe Vulnerability
maps0can at tampabay.rr.com
Wed Mar 1 23:01:04 CET 2006
MPlayer
http://www.mplayerhq.hu/design7/news.html
2006.02.15, Wednesday :: heap overflow in demuxer.h
A potential buffer overflow was found in the ASF demuxer, and further analysis
showed that the bug was in some more generic code in demuxer.h, used to
create and resize buffers. You can read the original bug report here
media-video/mplayer ASF File Parsing Integer Overflow (CAN-2006-0579) on
Gentoo Bugzilla.
Affected versions
MPlayer 1.0pre7, MPlayer 1.0pre7try2 and CVS before Sun Feb 12 09:28:09 2006
UTC. Older versions are probably affected, too, but they were not checked.
Unaffected versions
CVS HEAD after Sun Feb 12 09:28:09 2006 UTC
MPlayer 1.0pre7try2 + security patch
Please note that we are not releasing an updated tarball with this fix at this
moment. Since MPlayer 1.0pre7 is very old, we encourage you to upgrade to the
CVS version.
If you need to stay with 1.0pre7, get the MPlayer 1.0pre7try2 tarball, apply
the patch with the fix and recompile MPlayer.
If you maintain a binary package for MPlayer, please name the updated version
MPlayer 1.0pre7try3.
Can an updated SuSE RPM be produced to contain this fix?
Thank you.
- Paul