From owner-cvs-all@FreeBSD.ORG  Thu Mar  9 08:42:29 2006
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 95B9E16A420;
	Thu,  9 Mar 2006 08:42:29 +0000 (GMT) (envelope-from vd@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 653DC43D46;
	Thu,  9 Mar 2006 08:42:29 +0000 (GMT) (envelope-from vd@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k298gTig068954;
	Thu, 9 Mar 2006 08:42:29 GMT (envelope-from vd@repoman.freebsd.org)
Received: (from vd@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k298gTqq068953;
	Thu, 9 Mar 2006 08:42:29 GMT (envelope-from vd)
Message-Id: <200603090842.k298gTqq068953@repoman.freebsd.org>
From: Vasil Dimov <vd@FreeBSD.org>
Date: Thu, 9 Mar 2006 08:42:28 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/multimedia/mplayer Makefile
 ports/multimedia/mplayer/files patch-libmpdemux_demuxer.h
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2006 08:42:29 -0000

vd          2006-03-09 08:42:28 UTC

  FreeBSD ports repository

  Modified files:
    multimedia/mplayer   Makefile 
  Added files:
    multimedia/mplayer/files patch-libmpdemux_demuxer.h 
  Log:
  Fix mplayer vulnerability (heap overflow) in the ASF demuxer
  
  Arbitrary remote code execution under the user ID running the player
  when streaming an ASF file from a malicious server.
  
  PR:             ports/93767
  Submitted by:   "Thomas E. Zander" <riggs@rrr.de> (maintainer)
  Approved by:    portmgr (erwin)
  Obtained from:  mplayer CVS repo: http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpdemux/demuxer.h.diff?r2=1.90&r1=1.87&f=u
  Security:       heap overflow in the ASF demuxer (http://www.mplayerhq.hu/design7/news.html#vuln13, http://bugs.gentoo.org/show_bug.cgi?id=122029)
  
  Revision  Changes    Path
  1.130     +1 -1      ports/multimedia/mplayer/Makefile
  1.1       +37 -0     ports/multimedia/mplayer/files/patch-libmpdemux_demuxer.h (new)