Summary: | media-video/mplayer{-bin} CDDB Parsing Buffer Overflows (CVE-2007-2948) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/24302/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 182923 | ||
Bug Blocks: |
Description
Lars Hartmann
2007-06-06 15:51:35 UTC
maintainers - please advice and bump as necessary maintainers - please advice and bump as necessary mplayer-1.0.20070622 in tree thaks maintainers for providing that ebuild arches please test and mark stable target keywords are: media-video/mplayer-1.0.20070622:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86" AMD64:
emerges ok (USE="3dnow 3dnowext X a52 aac alsa cddb cdparanoia dts dvb dvd dvdread encode gif gtk iconv jpeg lirc mad mmx mmxext mp3 openal opengl png rtc sdl srt sse sse2 truetype unicode v4l v4l2 vorbis x264 xv -aalib (-altivec) -amrnb -amrwb -arts -bidi -bindist -bl -cpudetection -custom-cflags -debug -dga -directfb -doc -dv -dvdnav -enca -esd -fbcon -ftp -ggi -ipv6 -ivtv -jack -joystick -libcaca -live -livecd -lzo -md5sum -mp2 -musepack -nas -oss -pnm -quicktime -radio -rar -real -samba -speex (-svga) -tga -theora -tivo (-vidix) (-win32codecs) -xanim -xinerama -xvid -xvmc -zoran" VIDEO_CARDS="-mga -s3virge -tdfx -vesa")
no collisions
warnings during emerge:
* Make install completed
cp: cannot stat `/var/tmp/portage/media-video/mplayer-1.0.20070622/image//Gui/mplayer/pixmaps/logo.xpm': No such file or directory
>>> Completed installing mplayer-1.0.20070622 into /var/tmp/portage/media-video/mplayer-1.0.20070622/image/
ecompressdir: bzip2 -9 usr/share/man
* QA Notice: Package has poor programming practices which may compile
* fine but exhibit random runtime failures.
* asxparser.c:564: warning: dereferencing type-punned pointer will break strict-aliasing rules
...loads more errors of the same for different files
* QA Notice: Package has poor programming practices which may compile
* fine but exhibit random runtime failures.
* interface.c:655: warning: implicit declaration of function 'vcd_seek_to_track'
...similar errors with different functions
* QA Notice: Package has poor programming practices which may compile
* fine but exhibit random runtime failures.
* vf_qp.c:91: warning: incompatible implicit declaration of built-in function 'lrintf'
ppc64 stable Marked stable for HPPA: media-libs/amrnb-6.1.0.3 media-libs/amrwb-7.0.0.0 media-video/mplayer-1.0.20070622 amd64 done, thanks Simon Marked this bug as blocked by 183013 - mplayer fails compile. alpha/ia64 stable x86 stable 20070622 sparc stable. Was -r1 intended to go stable? Because x86 did it. (In reply to comment #12) > 20070622 sparc stable. > Was -r1 intended to go stable? Because x86 did it. > Minor changes, either one should be fine. I marked -r1 stable on amd64. ppc stable arches please test and mark stable target keywords are: media-video/mplayer-1.0.20070622-r1:KEYWORDS=alpha amd64 hppa ia64 ppc ppc64 sparc x86 Lars: why? As steve said -r1 isn't related to this security bug so you shouldn't have called for stabling here and just adds up to confusion... (In reply to comment #16) > Lars: why? +1 alpha/ia64 stable ppc64 stable this bug is ready for glsa decision B2 always implies a GLSA. GLSA 200707-07, thanks everybody |