** Changed in: mplayer (Ubuntu Dapper)
Status: In Progress = Fix Committed
** Changed in: mplayer (Ubuntu Edgy)
Status: In Progress = Fix Committed
** Changed in: mplayer (Ubuntu Feisty)
Status: In Progress = Fix Committed
** Changed in: mplayer (Ubuntu Gutsy)
This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu9.3
---
mplayer (2:1.0~rc1-0ubuntu9.3) feisty-security; urgency=low
* SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header
parser, and URL parser. (LP: #191488)
* stream/librtsp/rtsp_session.c,
This bug was fixed in the package mplayer - 2:1.0~rc1-0ubuntu13.2
---
mplayer (2:1.0~rc1-0ubuntu13.2) gutsy-security; urgency=low
* SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, FLAC header
parser, and URL parser. (LP: #191488)
* stream/librtsp/rtsp_session.c,
** Changed in: mplayer (Ubuntu Edgy)
Status: Fix Committed = Fix Released
** Changed in: mplayer (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification
This bug was fixed in the package mplayer - 2:1.0~rc2-0ubuntu9
---
mplayer (2:1.0~rc2-0ubuntu9) hardy; urgency=low
[ Luke Yelavich ]
* etc/example.conf: Use pulseaudio by default, and fallback to alsa.
[ William Grant ]
* SECURITY UPDATE: buffer overruns in CDDB, MOV
Thanks for the debdiffs. Gutsy's mplayer uses dpatch for patch
management. Can you update the gutsy debdiff to use dpatch?
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which
It doesn't really use dpatch for it; it uses bzr. Somebody unrelated to
the package decided to add dpatch very late in the cycle, without
telling anyone, and without bzr, and we're trying to ignore that
mistake. bzr + dpatch == silly.
--
[mplayer] [DSA-1496-1] several buffer overflows
spuk: Are you suggesting that's a fix for those two issues?
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: mplayer (Ubuntu Feisty)
Importance: Undecided = High
Assignee: (unassigned) = William Grant (fujitsu)
Status: New = In Progress
** Changed in: mplayer (Ubuntu Gutsy)
Importance: Undecided = High
Assignee: (unassigned) = William Grant (fujitsu)
Status:
Yes.
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Attachment added: feisty debdiff
http://launchpadlibrarian.net/12522852/feisty.diff
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
** Attachment added: gutsy debdiff
http://launchpadlibrarian.net/12522855/gutsy.diff
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
The patches took a few crowbarrings to fit into Feisty and Gutsy, but
they work fine now. Hardy's FTBFS for some unrelated reason. I'm
checking the applicability to Dapper and Edgy now.
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this
CVE-2008-0486 doesn't affect dapper, but all of the others do.
** Attachment added: dapper debdiff
http://launchpadlibrarian.net/12524325/dapper.diff
** Changed in: mplayer (Ubuntu Dapper)
Importance: Undecided = High
Assignee: (unassigned) = William Grant (fujitsu)
Status: New
** Attachment added: edgy debdiff
http://launchpadlibrarian.net/12524327/edgy.diff
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
MDVSA-2008:045
(http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:045) also lists
the following xine-lib issues, which also affects
MPlayer due to code similarity.:
CVE-2008-0225
CVE-2008-0238
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0225
** CVE
FYI (re CVE-2008-0225 CVE-2008-0238): svn log -vr 22821
svn://svn.mplayerhq.hu/mplayer/trunk/
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for
** Changed in: mplayer (Ubuntu)
Importance: Undecided = High
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
CVE 2008-0630
http://www.mplayerhq.hu/MPlayer/patches/
** Attachment added: url_fix_20080120.diff
http://launchpadlibrarian.net/11951737/url_fix_20080120.diff
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because
CVE-2008-0485
http://www.mplayerhq.hu/MPlayer/patches/
** Attachment added: demux_mov_fix_20080129.diff
http://launchpadlibrarian.net/11917882/demux_mov_fix_20080129.diff
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug
** Changed in: mplayer (Ubuntu)
Status: New = Confirmed
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
CVE 2008-0629
http://www.mplayerhq.hu/MPlayer/patches/
** Attachment added: stream_cddb_fix_20080120.diff
http://launchpadlibrarian.net/11951742/stream_cddb_fix_20080120.diff
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug
CVE 2008-0486
http://www.mplayerhq.hu/MPlayer/patches/
** Attachment added: demux_audio_fix_20080129.diff
http://launchpadlibrarian.net/11951752/demux_audio_fix_20080129.diff
--
[mplayer] [DSA-1496-1] several buffer overflows
https://bugs.launchpad.net/bugs/191488
You received this bug
23 matches
Mail list logo