232997 CVE-2007-5400 2008-07-26 15:04 0000 media-video/realplayer <11.0.0.4028-r1 SWF file heap-based buffer overflow (CVE-2007-5400) 2008-10-17 07:52:05 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://service.real.com/realplayer/security/07252008_player/en/ B2 [glsa] P2 normal --- 235777 1 carlo@gentoo.org security@gentoo.org media-video@gentoo.org pocmatos@gmail.com carlo@gentoo.org 2008-07-26 15:04:42 0000 SWF file heap-based buffer overflow beandog@gentoo.org 2008-07-29 01:50:51 0000 Realplayer 11 was masked for testing. Never heard a peep though, so I just unmasked it. denissorn@hotmail.com 2008-07-29 14:29:50 0000 (In reply to comment #1) > Realplayer 11 was masked for testing. Never heard a peep though, so I just > unmasked it. > Hi. reaplay and realplay.bin were not set executable. I had to chmod x them. rbu@gentoo.org 2008-08-05 01:37:15 0000 ping, video team. zzam@gentoo.org 2008-08-08 17:43:20 0000 (In reply to comment #2) > > Hi. reaplay and realplay.bin were not set executable. I had to chmod x them. > This is fixed. See Bug #233415. (In reply to comment #3) @rbu: What should we do? py@gentoo.org 2008-08-09 21:53:02 0000 is fixed. See Bug #233415. > > (In reply to comment #3) > @rbu: What should we do? > since the vulnerable version (0.10.9) had stable keywords, we'll need a fixed version with stable keywords too. Is realplayer-11.0.0.4028-r1 ready to go stable? If so, feel free to CC arches on this bug for stabilisation. rbu@gentoo.org 2008-08-14 10:53:34 0000 Please let us know whether you consider the ebuild ready for stabling. rbu@gentoo.org 2008-08-15 14:31:48 0000 Arches, please test and mark stable: =media-video/realplayer-11.0.0.4028-r1 Target keywords : "amd64 x86" maekke@gentoo.org 2008-08-15 18:15:25 0000 amd64/x86 stable, all arches done. g0upetd02@sneakemail.com 2008-08-25 23:26:23 0000 RealPlayer-11.0.0.4028-r1 wouldn't unpack: >>> Unpacking source... >>> Unpacking RealPlayer11GOLD.rpm to /var/tmp/portage/media-video/realplayer-11.0.0.4028-r1/work * * ERROR: media-video/realplayer-11.0.0.4028-r1 failed. * Call stack: * ebuild.sh, line 49: Called src_unpack * environment, line 2177: Called rpm_src_unpack * environment, line 2044: Called die * The specific snippet of code: * rpm_unpack ${DISTDIR}/${x} || die "${myfail}"; * The die message: * failure unpacking RealPlayer11GOLD.rpm * * If you need support, post the topmost build error, and the call stack if relevant. * A complete build log is located at '/var/log/portage/media-video:realplayer-11.0.0.4028-r1:20080825-232153.log'. * The ebuild environment file is located at '/var/tmp/portage/media-video/realplayer-11.0.0.4028-r1/temp/environment'. * rbu@gentoo.org 2008-08-26 00:35:13 0000 Matthew, please open a new bug for that and mark it as a blocker of this bug. Please attach the full build log, and your emerge --info. pocmatos@gmail.com 2008-08-28 08:29:43 0000 Same problem here with rpm_unpack. rbu@gentoo.org 2008-09-04 20:12:21 0000 GLSA 200809-03 wsheets@sbcglobal.net 2008-09-15 12:53:32 0000 ** (realplay.bin:18835): CRITICAL **: file superbufhscale.cpp: line 493 (void hx_superbuf_hscale_init(HXSuperbufHScale*)): assertion `superbuf_hscale->tile_graphics[HX_SUPERB_MODE_BG].pixbuf' failed ** (realplay.bin:18835): WARNING **: HXPlayer: Error 0x80004005: "A general error has occurred." This is what I see when running the stable 32-bit version on an amd64 machine. The same machine will run a 64-bit nightly build from helix, however. No one else seeing this? pva@gentoo.org 2008-10-17 07:52:05 0000 (In reply to comment #13) > ** (realplay.bin:18835): CRITICAL **: file superbufhscale.cpp: line 499 ... Please, open new bug. This bug is fixed ;)