Summary: | media-video/realplayer: .au Divide-By-Zero Denial of Service Vulnerability (CVE-2007-4904) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tobias Heinlein (RETIRED) <keytoaster> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | dyek, media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/bid/25627 | ||
Whiteboard: | B3 [upstream+] | ||
Package list: | Runtime testing required: | --- |
Description
Tobias Heinlein (RETIRED)
2007-09-11 14:56:40 UTC
This is CVE-2007-4904. still no news from upstream? :/ I'm told this bug is actually fixed in the nightly snaps.. Helix team decided that this divide-by-zero bug is not a security bug. This bug has already been fixed in RealPlayer nightly build available here: http://forms.helixcommunity.org/helix/builds/?category=realplay-current http://forms.helixcommunity.org/helix/builds/ (Use only linux-2.2-libc6-gcc32-i586@rhel4 bin or package. AMD64 builds aren't ready for use yet.) The nightly-build typically works better than the released RealPlayer. Thanks. Denial of Service within a user/client application is not considered a security vulnerability. Thanks for getting back to us, Daniel. |