Date: Mon, 20 Dec 2004 22:52:52 +0100 (CET) From: "Thomas E. Zander" <riggs@rrr.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/75336: [MAINTAINER-UPDATE] multimedia/mplayer Message-ID: <200412202152.iBKLqqti052683@marvin.riggiland.au> Resent-Message-ID: <200412202200.iBKM0qSd032779@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 75336 >Category: ports >Synopsis: [MAINTAINER-UPDATE] multimedia/mplayer >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Dec 20 22:00:52 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Thomas E. Zander >Release: FreeBSD 5.3-RELEASE-p2 i386 >Organization: >Environment: System: FreeBSD marvin.riggiland.au 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #3: Thu Dec 2 14:40:54 CET 2004 root@marvin.riggiland.au:/usr/obj/usr/src/sys/MARVIN i386 >Description: Several security flaws have been detected in mplayer's streaming code base, including o Potential heap overflow in Real RTSP streaming code o Potential stack overflow in MMST streaming code o Multiple buffer overflows in BMP demuxer o Potential heap overflow in pnm streaming code o Potential buffer overflow in mp3lib >How-To-Repeat: >Fix: The -try2 release contains fixes for these vulnerabilities. Patch for the multimedia/mplayer port as follows: diff -ruN mplayer-old/Makefile mplayer/Makefile --- mplayer-old/Makefile Tue Nov 16 08:17:49 2004 +++ mplayer/Makefile Mon Dec 20 21:54:43 2004 @@ -243,7 +243,7 @@ PORTNAME= mplayer PORTVERSION= 0.99.5 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= multimedia audio ipv6 MASTER_SITES= http://www1.mplayerhq.hu/MPlayer/releases/ \ http://www2.mplayerhq.hu/MPlayer/releases/ \ @@ -255,7 +255,7 @@ ftp://ftp.lug.udel.edu/MPlayer/releases/ \ ftp://mirrors.xmission.com/MPlayer/releases/ \ http://www.rrr.de/~riggs/mplayer/ -DISTNAME= MPlayer-1.0pre5 +DISTNAME= MPlayer-1.0pre5try2 MAINTAINER= riggs@rrr.de COMMENT= High performance media player/encoder supporting many formats diff -ruN mplayer-old/distinfo mplayer/distinfo --- mplayer-old/distinfo Thu Aug 19 19:42:17 2004 +++ mplayer/distinfo Mon Dec 20 21:55:52 2004 @@ -1,4 +1,4 @@ -MD5 (MPlayer-1.0pre5.tar.bz2) = fbe6919eb025526e8ed129cd61a49969 -SIZE (MPlayer-1.0pre5.tar.bz2) = 5072836 +MD5 (MPlayer-1.0pre5try2.tar.bz2) = 724c905a8dddb7e8ec9722fc585f833d +SIZE (MPlayer-1.0pre5try2.tar.bz2) = 5073725 MD5 (mplayer1.0pre5-gtk2-20040730.patch.bz2) = 49840e54549f47fa859d0c3d27014202 SIZE (mplayer1.0pre5-gtk2-20040730.patch.bz2) = 38845 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412202152.iBKLqqti052683>