Summary: | media-video/mplayer ASF File Parsing Integer Overflow (CAN-2006-0579) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | media-video, mgorny, Reimar.Doeffinger |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/18718/ | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-02-07 12:48:52 UTC
Waiting for upstream patch... Please avoid saying ".asf", it sounds like you mean the extension, but what matters here is that it is ASF file format - nobody cares about the extension. And maybe this: http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpdemux/demuxer.h.diff?r1=1.87&r2=1.88 already fixes it. Should be bundled with bug 115760 This would be the current version of that patch: http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpdemux/demuxer.h.diff?r1=1.87&r2=1.90&f=u Just to make clear: I did _not_ check demux_asf.c for (further) problems. * Stable handling on bug 115760 Common GLSA with bug 115760 GLSA 200603-03 (Spam administratively removed, by robbat2@gentoo.org, at Tue Jan 15 00:37:28 UTC 2008) (Spam administratively removed, by robbat2@gentoo.org, at Tue Jan 15 00:37:28 UTC 2008) |