Author: diego Date: Sat Feb 2 16:30:19 2008 New Revision: 3131 Log: spelling/wording/grammar
Modified: trunk/src/news.src.en Modified: trunk/src/news.src.en ============================================================================== --- trunk/src/news.src.en (original) +++ trunk/src/news.src.en Sat Feb 2 16:30:19 2008 @@ -17,14 +17,14 @@ <p> A buffer overflow was found and reported by Adam Bozanich of Musecurity in the -code used to extract album titles from cbbd server answers. +code used to extract album titles from CDDB server answers. </p> <p> -When parsing answers from the cddb server, the album title is copied into a -fixed-size buffer with insufficient checks on its size, and may cause a buffer +When parsing answers from the CDDB server, the album title is copied into a +fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the -program, that can lead to arbitrary code execution with the UID of the user +program. That can lead to arbitrary code execution with the UID of the user running MPlayer. </p> @@ -32,8 +32,8 @@ <p> High (arbitrary code execution under the user ID running the player) when -getting disk information from a malicious cddb entry, null if you do not use -this feature. Please note that it is possible to overwrite entries in the cddb +getting disk information from a malicious CDDB entry, null if you do not use +this feature. Please note that it is possible to overwrite entries in the CDDB database, so an attack can also be performed via a non-compromised server. At the time the buffer overflow was fixed there was no known exploit in the wild. </p> @@ -46,14 +46,14 @@ for this problem was committed to SVN on Sun Jan 20 20:58:02 2008 UTC as r25824. Users of affected MPlayer versions should download a <a href="http://www.mplayerhq.hu/MPlayer/patches/stream_cddb_fix_20080120.diff";>patch</a> -for MPlayer 1.0rc2 or update to the latest version if they're using SVN. +for MPlayer 1.0rc2 or update to the latest version if they are using SVN. </p> <h3>Affected versions</h3> <p> MPlayer 1.0rc2 and SVN before r25824 (Sun Jan 20 20:58:02 2008 UTC). -Older versions are probably affected, too, but they were not checked. +Older versions are probably affected, but they were not checked. </p> @@ -79,23 +79,23 @@ <p> A buffer overflow was found and reported by Adam Bozanich of Musecurity in the -code used to escape url strings. +code used to escape URL strings. </p> <p> -The code used to skip over IPv6 addresses can be tricked to leave a pointer to -a temporary buffer with a non-NULL value; this causes the unescape code to reuse -the buffer, and may lead to a buffer overflow if the old buffer is smaller than -required. A malicious url string may be used to trigger a buffer overflow in the -program, that can lead to arbitrary code execution with the UID of the user -running MPlayer. +The code used to skip over IPv6 addresses can be tricked into leaving a pointer +to a temporary buffer with a non-NULL value; this causes the unescape code to +reuse the buffer, and may lead to a buffer overflow if the old buffer is +smaller than required. A malicious URL string may be used to trigger a buffer +overflow in the program, that can lead to arbitrary code execution with the +UID of the user running MPlayer. </p> <h3>Severity</h3> <p> High (arbitrary code execution under the user ID running the player) if you can -play untrusted urls (eg. delivered by a remote playlist), null if you do not +play untrusted URLs (e.g. delivered by a remote playlist), null if you do not use this feature. At the time the buffer overflow was fixed there was no known exploit in the wild. </p> @@ -108,14 +108,14 @@ for this problem was committed to SVN on Sun Jan 20 20:43:46 2008 UTC as r25823. Users of affected MPlayer versions should download a <a href="http://www.mplayerhq.hu/MPlayer/patches/url_fix_20080120.diff";>patch</a> -for MPlayer 1.0rc2 or update to the latest version if they're using SVN. +for MPlayer 1.0rc2 or update to the latest version if they are using SVN. </p> <h3>Affected versions</h3> <p> MPlayer 1.0rc2 and SVN before r25823 (Sun Jan 20 20:43:46 2008 UTC). -Older versions are probably affected, too, but they were not checked. +Older versions are probably affected, but they were not checked. </p> @@ -141,15 +141,15 @@ <p> A buffer overflow was found and reported by Felipe Manzano and Anibal Sacco of -CORE Security Technologies in the code used to parse the mov file headers. +CORE Security Technologies in the code used to parse MOV file headers. Other similar issues were found by Reimar Döffinger while fixing the code. -The vulnerability is identified with CORE-2008-0122. +The vulnerability is identified as CORE-2008-0122. </p> <p> -The code read some values from the file and uses them as indexes into an array -allocated on the heap, without performing any boundary check. A malicious file -may be used to trigger a buffer overflow in the program, that can lead to +The code read some values from the file and used them as indexes into an array +allocated on the heap without performing any boundary check. A malicious file +may be used to trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer. </p> @@ -157,7 +157,7 @@ <p> High (arbitrary code execution under the user ID running the player) when -playing a malicious mov file, null if you do not use this feature. At the time +playing a malicious MOV file, null if you do not use this feature. At the time the buffer overflow was fixed there was no known exploit in the wild. </p> @@ -171,14 +171,14 @@ r25922. Users of affected MPlayer versions should download a <a href="http://www.mplayerhq.hu/MPlayer/patches/demux_mov_fix_20080129.diff";>patch</a> -for MPlayer 1.0rc2 or update to the latest version if they're using SVN. +for MPlayer 1.0rc2 or update to the latest version if they are using SVN. </p> <h3>Affected versions</h3> <p> MPlayer 1.0rc2 and SVN before r25922 (Tue Jan 29 22:14:00 2008 UTC). -Older versions are probably affected, too, but they were not checked. +Older versions are probably affected, but they were not checked. </p> @@ -205,7 +205,7 @@ <p> A stack overflow was found and reported by Damian Frizza and Alfredo Ortega of CORE Security Technologies in the code used to parse FLAC comments. The -vulnerability is identified with CORE-2008-1218. +vulnerability is identified as CORE-2008-1218. </p> <p> @@ -232,14 +232,14 @@ for this problem was committed to SVN on Tue Jan 29 22:00:58 2008 UTC as r25917. Users of affected MPlayer versions should download a <a href="http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff";>patch</a> -for MPlayer 1.0rc2 or update to the latest version if they're using SVN. +for MPlayer 1.0rc2 or update to the latest version if they are using SVN. </p> <h3>Affected versions</h3> <p> MPlayer 1.0rc2 and SVN before r25917 (Tue Jan 29 22:00:58 2008 UTC). -Older versions are probably affected, too, but they were not checked. +Older versions are probably affected, but they were not checked. </p> @@ -571,7 +571,7 @@ <p> A stack overflow was found and reported by Stefan Cornelius of Secunia -Research in the code used to handle cddb queries. Two other similar issues +Research in the code used to handle CDDB queries. Two other similar issues were found by Reimar Döffinger while fixing the issue. The vulnerability is identified with CVE-2007-2948 and <a href="http://secunia.com/advisories/24302/";>SAID 24302</a>. @@ -588,9 +588,9 @@ <p> High (arbitrary remote code execution under the user ID running the player) -when getting disk information from a malicious cddb entry, null if you do not +when getting disk information from a malicious CDDB entry, null if you do not use this feature. Please note that it is possible to overwrite entries in the -cddb database, so an attack can also be performed via a non-compromised server. +CDDB database, so an attack can also be performed via a non-compromised server. At the time the buffer overflow was fixed there was no known exploit in the wild. </p> _______________________________________________ MPlayer-DOCS mailing list [email protected] https://lists.mplayerhq.hu/mailman/listinfo/mplayer-docs
