The 1.0.2 version is available. Apparently fixes a number of KDE-related bugs.

Thanks,
-Erinn

Here is a copy of the ChangeLog:

HelixPlayer 1.0.2 for Linux adds support for the following two new languages:
  Polish (Contribution by Marcin Garski)
  Hindi (Contribution by Dhananjaya Sharma)

A number of KDE-specific issues have been fixed since 1.0.1
mimelnk support - the player will now configure kde mime types gtk-qt theme engine fixes ensure the letter box surrounding the video window appears black Icons in the favorites menu make some qt-based themes look better Fullscreen support in versions of kde which predate freedesktop.org standards

Reproducible: Always
Steps to Reproduce:
Make that: version 1.0.3 is now available. This update apparently fixes a couple of security issues. Here are the details of the security issues:

The specific exploits were:

Exploit 1: To fashion a malicious WAV file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

Exploit 2: To fashion a malicious SMIL file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

Probably should be updated.

-Erinn
Adding the security team to the cc list to make sure you guys recognise this issue. Please advise.
Here is a link to the page offering a bit more information (though not much more):
http://service.real.com/help/faq/security/050224_player/EN/

Thanks,
-Erinn
Thx luckyduck. From http://lists.helixcommunity.org/pipermail/player-cvs/2005-February/002531.html: + Security Issues Fixed in This Release + + * Incorrect RIFF/DATA chunk size headers causes + player to crash + * Long String in SMIL Parameter "system-screen-size" + Causes Buffer Overflow
27 Mar 2005; Chris White <chriswhite@gentoo.org> +files/helixplayer-1.0.3-bif.patch, +files/helixplayer-1.0.3-sem_t.patch, +helixplayer-1.0.3.ebuild: Bumping to 1.0.3 for security fixes.