Date: Wed, 1 Oct 2008 19:23:57 +0000 (UTC) From: Martin Wilke <miwi@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/multimedia/mplayer Makefile ports/multimedia/mplayer/files patch-CVE-2008-3827 Message-ID: <200810011923.m91JNvwn033956@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
miwi 2008-10-01 19:23:57 UTC
FreeBSD ports repository
Modified files:
multimedia/mplayer Makefile
Added files:
multimedia/mplayer/files patch-CVE-2008-3827
Log:
- Fix a vulnerability which could result in arbitrary code execution
and at least, in unexpected process termination. Three integer
underflows located in the Real demuxer code can be used to exploit
a heap overflow, a specific video file can be crafted in order to make
the stream_read function read or write arbitrary amounts of memory.
Approved by: maintainer via private mail
Security: http://www.vuxml.org/freebsd/724e6f93-8f2a-11dd-821f-001cc0377035.html
Revision Changes Path
1.177 +1 -1 ports/multimedia/mplayer/Makefile
1.1 +28 -0 ports/multimedia/mplayer/files/patch-CVE-2008-3827 (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810011923.m91JNvwn033956>