75336 – [MAINTAINER-UPDATE] multimedia/mplayer

Bug 75336 - [MAINTAINER-UPDATE] multimedia/mplayer

Summary: [MAINTAINER-UPDATE] multimedia/mplayer

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-12-20 22:00 UTC by Thomas E. Zander
Modified:	2004-12-20 22:31 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (1.18 KB, patch) 2004-12-20 22:00 UTC, Thomas E. Zander	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas E. Zander 2004-12-20 22:00:52 UTC

Several security flaws have been detected in mplayer's streaming code base, including
o Potential heap overflow in Real RTSP streaming code
o Potential stack overflow in MMST streaming code
o Multiple buffer overflows in BMP demuxer
o Potential heap overflow in pnm streaming code
o Potential buffer overflow in mp3lib

Fix: The -try2 release contains fixes for these vulnerabilities.
Patch for the multimedia/mplayer port as follows:

Comment 1 Michael Johnson freebsd_committer

2004-12-20 22:31:30 UTC

State Changed
From-To: open->closed

Committed, Thanks!