A vulnerability exists when handling RealText that can result in a heap overflow.
Upgrade to realplayer-10.0.5 and helixplayer-1.0.5 is necessary.
It doesn't seems to be released yet (also if Real's security advisory states else).
Ok committed 1.0.5 and 10.0.5. Little problem: I can't test helixplayer here as it's x86-only so I dropped the keywords until someone can test it.
Thx Diego, x86 please test and mark helixplayer-1.0.5 ~x86 realplayer-10.0.5 x86
x86 testing: see above comment.
x86/someone please test and mark stable ASAP.
marked ~x86
Tested realplayer-10.0.5 and marked stable on x86 on request from jaervosz.
Thx everyone, ready for GLSA
GLSA 200507-04