quoting from http://www.mplayerhq.hu/design7/news.html The code mentioned in DSA 1244-1 is also included in MPlayer. A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a malicious server. Since the attacker can not write arbitrary data into the buffer, creating an exploit is very hard; but a DoS attack is easily made. Severity High (DoS and eventually arbitrary remote code execution under the user ID running the player) when setting up a RTSP session from a malicious server, null if you do not use this feature. At the time the buffer overflow was fixed there was no known exploit. Solution A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c, stream/realrtsp/asmrp.h and stream/realrtsp/real.c. Users of affected MPlayer versions should download a patch for MPlayer 1.0rc1 or update to the latest version if they're using SVN.
*** Bug 159990 has been marked as a duplicate of this bug. ***
OK thanks Jonathan. Do you know if 1.0_pre8 is affected too?
I have no first hand knowledge of whether pre8 is affected, but I would assume it is. rc1 is already stable on some arches, however, and it would make sense to me to stablize rc1+fix on all arches.
media-video, pls provide an updated ebuild including the patch
Added mplayer-1.0_rc1-r2 to the tree with included patch
*** Bug 164340 has been marked as a duplicate of this bug. ***
Hi arches, please test and mark stable mplayer-1.0_rc1-r2 if appropriate, thanks
x86 stable
ppc stable
stable on hppa
amd64 stable
sparc stable.
Stable on IA64.
Stable on Alpha.
ppc64 stable
GLSA 200702-11 , sorry for the delay
