Bug 128512

Summary: [PATCH]audio/faad: fix buffer overflow in command-line frontend
Product: Ports & Packages Reporter: bf <bf2006a>
Component: Individual Port(s)Assignee: freebsd-multimedia (Nobody) <multimedia>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description bf 2008-11-01 03:10:00 UTC 
Add an upstream patch for CVE-2008-4201, and bump portrevision:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-11-01 03:10:12 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->freebsd-multimedia

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Pav Lucistnik freebsd_committer freebsd_triage 2008-11-12 16:31:04 UTC 
State Changed
From-To: open->closed

Committed, thanks!
Comment 3 dfilter service freebsd_committer freebsd_triage 2008-11-12 16:31:41 UTC 
pav         2008-11-12 16:31:27 UTC

  FreeBSD ports repository

  Modified files:
    audio/faad           Makefile 
  Added files:
    audio/faad/files     patch-frontend_main.c 
  Log:
  - Fix a heap-based buffer overflow in the command-line frontend. It allows
    remote attackers to cause a denial of service (crash) and possibly execute
    arbitrary code via a crafted MPEG-4 (MP4) file.
  
  PR:             ports/128512
  Submitted by:   bf <bf2006a@yahoo.com>
  Security:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201
  
  Revision  Changes    Path
  1.51      +1 -0      ports/audio/faad/Makefile
  1.1       +17 -0     ports/audio/faad/files/patch-frontend_main.c (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"