Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 208566
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Hanno Boeck <hanno@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 208566 depends on: Show dependency tree
Bug 208566 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-02-02 12:08 0000 
from mplayerhq.hu:

2008-01-29, Tuesday :: stack overflow in demux_audio.c
2008-01-29, Tuesday :: buffer overflow in demux_mov.c
2008-01-30, Wednesday :: buffer overflow in url.c
2008-01-30, Wednesday :: buffer overflow in stream_cddb.c

All fixed in current mplayer svn, no release (and probably not to be expected
soon).

------- Comment #1 From Hanno Boeck 2008-02-06 11:40:10 0000 ------- 
*** Bug 209104 has been marked as a duplicate of this bug. ***

------- Comment #2 From Sune Kloppenborg Jeppesen 2008-02-10 14:53:48 0000 ------- 
media-video please advise.

------- Comment #3 From Steve Dibb 2008-02-14 01:35:17 0000 ------- 
(In reply to comment #2)
> media-video please advise.
> 

media-video/mplayer-1.0_rc2_p25993 in tree

------- Comment #4 From Sune Kloppenborg Jeppesen 2008-02-14 19:02:15 0000 ------- 
Arches please test and mark stable. Target keywords are:

mplayer-1.0_rc2_p25993.ebuild:KEYWORDS="alpha amd64 hppa ia64 ~mips ppc ppc64
sparc x86 ~x86-fbsd"

------- Comment #5 From Christian Faulhammer 2008-02-14 20:26:16 0000 ------- 
x86 stable

------- Comment #6 From Ferris McCormick 2008-02-14 21:46:19 0000 ------- 
Sparc stable (also for media-libs/libggiwmh-0.3.2 which is required if
USE=ggi).

------- Comment #7 From Brent Baude 2008-02-15 01:52:56 0000 ------- 
ppc64 stable

------- Comment #8 From Jeroen Roovers 2008-02-15 17:28:47 0000 ------- 
Readding ppc64:

   media-video/mplayer/mplayer-1.0_rc2_p25993.ebuild:
ppc64(default-linux/ppc/ppc64/2007.0/64bit-userland) ['media-libs/libggiwmh']
   media-video/mplayer/mplayer-1.0_rc2_p25993.ebuild: ppc64(hardened/ppc64)
['media-libs/libggiwmh']

@Brent: I think it would a good idea to review how you commit your keywording
changes. You tend to miss some dependencies here and there...

------- Comment #9 From Jeroen Roovers 2008-02-15 17:34:08 0000 ------- 
Stable for HPPA:
  =media-libs/libggiwmh-0.3.2
  =media-video/mplayer-1.0_rc2_p25993

------- Comment #10 From Brent Baude 2008-02-15 20:24:08 0000 ------- 
got the libgg dep

------- Comment #11 From Raúl Porcel 2008-02-15 20:33:23 0000 ------- 
alpha/ia64 stable, thanks Tobias

------- Comment #12 From Torsten Rehn 2008-02-15 22:28:54 0000 ------- 
#### AMD64 TEST REPORT #####

* overall emerge:       PASS
* multilib-strict:      PASS
* collision-protect:    PASS
* test phase:           NONE
* manual testing:       PASS

USE="X a52 aac alsa arts cdparanoia dts dvd encode ftp ggi gif gtk iconv ipv6
jack jpeg mmx mp3 opengl png quicktime sdl sse sse2 theora truetype unicode
vorbis x264 xinerama xv xvid -3dnow -3dnowext -aalib (-altivec) -amrnb -amrwb
-bidi -bindist -bl -cddb -cdio -cpudetection -custom-cflags -debug -dga
-directfb -doc -dv -dvb -enca -esd -fbcon -joystick -ladspa -libcaca -lirc
-live -livecd -lzo -mad -md5sum -mmxext -mp2 -musepack -nas -nemesi -openal
-oss -pnm -pulseaudio -radio -rar -real -rtc -samba -speex -srt -ssse3 (-svga)
-teletext -tga -tivo -v4l -v4l2 (-vidix) (-win32codecs) -xanim -xvmc -zoran"
VIDEO_CARDS="-mga -s3virge -tdfx -vesa"

media-libs/libggiwmh-0.3.2 builds and passes tests.

---

Portage 2.1.4.4 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0,
2.6.23-gentoo-r8 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r8 x86_64 AMD Turion(tm) 64 X2 Mobile Technology
TL-50
Timestamp of tree: Fri, 15 Feb 2008 20:30:01 +0000
app-shells/bash:     3.2_p17-r1
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -msse3 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf
/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -msse3 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="buildpkg collision-protect distlocks metadata-transfer
multilib-strict sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo
ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/
ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo
ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo
ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo
ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/
ftp://ftp.gentoo.mesh-solutions.com/gentoo/
ftp://pandemonium.tiscali.de/pub/gentoo/"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --stats --timeout=180 --exclude=/distfiles
--exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acpi alsa amd64 arts bash-completion bitmap-fonts bzip2 cdda
cdparanoia cdr cgi cli cracklib crypt cups curl cvs dbus divx dri dts dvd
dvdnav dvdr dvdread encode exif fastcgi ffmpeg firefox fortran ftp fuse gcj ggi
gif glitz glut gmail gnutls gstreamer gtk gtk2 hal hbci history httpd iconv icq
imagemagick imap ipv6 isdnlog jabber jack java jpeg jpeg2k kde kdm keyring midi
mmx mod mozdevelop mp3 mpd mpeg mplayer mudflap ncurses network nntp nptl
nptlonly nsplugin nvidia offensive ogg opengl openmp openvpn oscar pam pcmcia
pcre pdf png pop pppd python qt3 qt3support qt4 quicktime readline reflection
rtsp sdl sdl-image shout skins smp soup spl sql sqlite sqlite3 sse sse2 ssl
statistics stream subversion svg symlink taglib tcpd theora threads tiff
truetype truetype-fonts type1-fonts unicode usb vcd vim-syntax vorbis
widescreen wifi wxwindows x264 xcomposite xinerama xml xorg xv xvid zip zlib"
ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare
dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw
multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias
auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm
authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache
dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache
filter headers include info log_config logio mem_cache mime mime_magic
negotiation rewrite setenvif speling status unique_id userdir usertrack
vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse synaptics"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001
mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="nvidia"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS,
PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS,
PORTDIR_OVERLAY

------- Comment #13 From Tobias Scherbaum 2008-02-16 18:48:31 0000 ------- 
ppc keyword has been dropped ... any specific reason I need to look for?

------- Comment #14 From Christoph Mende 2008-02-17 13:14:21 0000 ------- 
amd64 stable

------- Comment #15 From Tobias Scherbaum 2008-02-19 17:53:05 0000 ------- 
ppc stable

------- Comment #16 From Pierre-Yves Rofes 2008-02-19 20:10:32 0000 ------- 
request filed.

------- Comment #17 From Peter Volkov 2008-02-25 10:59:25 0000 ------- 
This bug was fixed in 2008.0 snapshot, removing release@ from CC.

------- Comment #18 From Pierre-Yves Rofes 2008-03-10 21:06:29 0000 ------- 
GLSA 200803-16
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug