Bugzilla Bug 159727

quoting from http://www.mplayerhq.hu/design7/news.html

The code mentioned in DSA 1244-1 is also included in MPlayer. A potential
buffer overflow was found in the code used to handle RealMedia RTSP streams.
When checking for matching asm rules, the code stores the results in a
fixed-size array, but no boundary checks are performed. This may lead to a
buffer overflow if the user is tricked into connecting to a malicious server.
Since the attacker can not write arbitrary data into the buffer, creating an
exploit is very hard; but a DoS attack is easily made.
Severity

High (DoS and eventually arbitrary remote code execution under the user ID
running the player) when setting up a RTSP session from a malicious server,
null if you do not use this feature. At the time the buffer overflow was fixed
there was no known exploit.
Solution

A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as
r21799. The fix involves three files: stream/realrtsp/asmrp.c,
stream/realrtsp/asmrp.h and stream/realrtsp/real.c. Users of affected MPlayer
versions should download a patch for MPlayer 1.0rc1 or update to the latest
version if they're using SVN.

*** Bug 159990 has been marked as a duplicate of this bug. ***

OK thanks Jonathan.

Do you know if 1.0_pre8 is affected too?

I have no first hand knowledge of whether pre8 is affected, but I would assume
it is. rc1 is already stable on some arches, however, and it would make sense
to me to stablize rc1+fix on all arches.

media-video, pls provide an updated ebuild including the patch

Added mplayer-1.0_rc1-r2 to the tree with included patch

*** Bug 164340 has been marked as a duplicate of this bug. ***

Hi arches, please test and mark stable mplayer-1.0_rc1-r2 if appropriate,
thanks

x86 stable

ppc stable

stable on hppa

amd64 stable

sparc stable.

Stable on IA64.

Stable on Alpha.

ppc64 stable

GLSA 200702-11 , sorry for the delay