ports/75336: [MAINTAINER-UPDATE] multimedia/mplayer
Thomas E. Zander
riggs at rrr.de
Mon Dec 20 22:00:52 UTC 2004
>Number: 75336
>Category: ports
>Synopsis: [MAINTAINER-UPDATE] multimedia/mplayer
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 20 22:00:52 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas E. Zander
>Release: FreeBSD 5.3-RELEASE-p2 i386
>Organization:
>Environment:
System: FreeBSD marvin.riggiland.au 5.3-RELEASE-p2 FreeBSD 5.3-RELEASE-p2 #3: Thu Dec 2 14:40:54 CET 2004 root at marvin.riggiland.au:/usr/obj/usr/src/sys/MARVIN i386
>Description:
Several security flaws have been detected in mplayer's streaming code base, including
o Potential heap overflow in Real RTSP streaming code
o Potential stack overflow in MMST streaming code
o Multiple buffer overflows in BMP demuxer
o Potential heap overflow in pnm streaming code
o Potential buffer overflow in mp3lib
>How-To-Repeat:
>Fix:
The -try2 release contains fixes for these vulnerabilities.
Patch for the multimedia/mplayer port as follows:
diff -ruN mplayer-old/Makefile mplayer/Makefile
--- mplayer-old/Makefile Tue Nov 16 08:17:49 2004
+++ mplayer/Makefile Mon Dec 20 21:54:43 2004
@@ -243,7 +243,7 @@
PORTNAME= mplayer
PORTVERSION= 0.99.5
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= multimedia audio ipv6
MASTER_SITES= http://www1.mplayerhq.hu/MPlayer/releases/ \
http://www2.mplayerhq.hu/MPlayer/releases/ \
@@ -255,7 +255,7 @@
ftp://ftp.lug.udel.edu/MPlayer/releases/ \
ftp://mirrors.xmission.com/MPlayer/releases/ \
http://www.rrr.de/~riggs/mplayer/
-DISTNAME= MPlayer-1.0pre5
+DISTNAME= MPlayer-1.0pre5try2
MAINTAINER= riggs at rrr.de
COMMENT= High performance media player/encoder supporting many formats
diff -ruN mplayer-old/distinfo mplayer/distinfo
--- mplayer-old/distinfo Thu Aug 19 19:42:17 2004
+++ mplayer/distinfo Mon Dec 20 21:55:52 2004
@@ -1,4 +1,4 @@
-MD5 (MPlayer-1.0pre5.tar.bz2) = fbe6919eb025526e8ed129cd61a49969
-SIZE (MPlayer-1.0pre5.tar.bz2) = 5072836
+MD5 (MPlayer-1.0pre5try2.tar.bz2) = 724c905a8dddb7e8ec9722fc585f833d
+SIZE (MPlayer-1.0pre5try2.tar.bz2) = 5073725
MD5 (mplayer1.0pre5-gtk2-20040730.patch.bz2) = 49840e54549f47fa859d0c3d27014202
SIZE (mplayer1.0pre5-gtk2-20040730.patch.bz2) = 38845
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list