Gentoo Bug 127352 - media-video/realplayer: buffer overrun via swf file (CVE-2006-0323)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	127352
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Matthias Geerdsen <vorlon@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 127352 depends on:			Show dependency tree
Bug 127352 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-03-23 12:27 0000

according to above URL, linux realplayer 10.0.6 is affected by:

Vulnerability 2:
The identified vulnerability is a malicious swf file (flash media) which could
cause a buffer overrun on a customer's machine.
CVE-2006-0323

media-video, pls update the ebuild

------- Comment #1 From Matthias Geerdsen 2006-03-23 12:32:07 0000 -------

setting to B2

------- Comment #2 From Diego E. 'Flameeyes' Pettenò 2006-03-23 12:41:08 0000 -------

Too bad there's no 10.0.0.7 version on the download page :/

------- Comment #3 From Matthias Geerdsen 2006-03-23 12:54:53 0000 -------

hm, what about 10.0.7 on https://player.helixcommunity.org/2005/downloads/ ?

------- Comment #4 From Diego E. 'Flameeyes' Pettenò 2006-03-23 13:42:51 0000 -------

Gah, it wasn't there when I looked... time to update the ebuild now.

------- Comment #5 From Matthias Geerdsen 2006-03-23 15:43:02 0000 -------

ebuild is there, arches pls test
(commited directly to stable, just wanted to be on the save side)

------- Comment #6 From Chris White (RETIRED) 2006-03-23 21:09:54 0000 -------

Yup, x86 is good to go.

------- Comment #7 From Thierry Carrez (RETIRED) 2006-03-26 09:28:23 0000 -------

This is ready, though amd64 could still have a look.

------- Comment #8 From Danny van Dyk (RETIRED) 2006-03-26 12:24:41 0000 -------

Looks good on amd64. Removing from CC.

------- Comment #9 From Matthias Geerdsen 2006-03-26 13:29:21 0000 -------

this is GLSA 200603-24

thanks everyone

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 127352

media-video/realplayer: buffer overrun via swf file (CVE-2006-0323)

Last modified: 2006-03-26 13:29:21 0000