Bug 96923

Summary:	media-video/{helix\|real}player heap overflow
Product:	Gentoo Security	Reporter:	Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	henrik, media-video
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Other
URL:	http://service.real.com/help/faq/security/050623_player/EN/
Whiteboard:	A2 [glsa] jaervosz
Package list:		Runtime testing required:	---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-06-23 23:18:54 UTC

A vulnerability exists when handling RealText that can result in a heap overflow.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-06-24 01:18:15 UTC

Upgrade to realplayer-10.0.5 and helixplayer-1.0.5 is necessary.

Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev

2005-06-24 04:22:46 UTC

It doesn't seems to be released yet (also if Real's security advisory states 
else).

Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev

2005-06-24 15:09:29 UTC

Ok committed 1.0.5 and 10.0.5. Little problem: I can't test helixplayer here 
as it's x86-only so I dropped the keywords until someone can test it.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-06-24 15:30:46 UTC

Thx Diego, 
 
x86 please test and mark   
helixplayer-1.0.5 ~x86  
realplayer-10.0.5 x86

Comment 5 Thierry Carrez (RETIRED) gentoo-dev

2005-06-27 01:19:20 UTC

x86 testing: see above comment.

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-07-05 01:55:32 UTC

x86/someone please test and mark stable ASAP.

Comment 7 John Mylchreest (RETIRED) gentoo-dev

2005-07-06 03:04:45 UTC

marked ~x86

Comment 8 Henrik Brix Andersen 2005-07-06 04:40:42 UTC

Tested realplayer-10.0.5 and marked stable on x86 on request from jaervosz.

Comment 9 Thierry Carrez (RETIRED) gentoo-dev

2005-07-06 05:52:14 UTC

Thx everyone, ready for GLSA

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2005-07-06 06:51:24 UTC

GLSA 200507-04