CVE-2007-2948: Stack overflow in mplayer cddb handling

Bug #118855 reported by William Grant
Affects | Status | Importance | Assigned to | Milestone
mplayer (Ubuntu) | Fix Released | High | William Grant |
Dapper | Fix Released | Undecided | William Grant |
Edgy | Fix Released | Undecided | William Grant |
Feisty | Fix Released | High | William Grant |
Gutsy | Fix Released | High | William Grant |

Bug Description

Binary package hint: mplayer

Only appears to affect 1.0rc1 (i.e. Feisty). Arbitrary code execution is possible, with a malicious entry on the server. There is an upstream patch, and I'll have a debdiff for Feisty shortly.

William Grant (wgrant)
Changed in mplayer:
assignee: nobody → fujitsu
importance: Undecided → High
status: Unconfirmed → In Progress
Changed in mplayer:
importance: Undecided → High
assignee: nobody → fujitsu
status: Unconfirmed → In Progress
William Grant (wgrant)
Changed in mplayer:
assignee: fujitsu → nobody
importance: High → Undecided
status: In Progress → Confirmed
assignee: nobody → fujitsu
William Grant (wgrant)
Changed in mplayer:
importance: Undecided → High
status: Confirmed → In Progress
William Grant (wgrant) wrote :

Gutsy fix was uploaded a few days back, but changelog-closes-bugs didn't work.

Changed in mplayer:
status: In Progress → Fix Released
William Grant (wgrant) wrote :
Kees Cook (kees) wrote :

Thanks for the debdiff! This has built and been published. I'll keep an eye on LP and see if security uploads get auto-closed too. I think it won't since this is in a subtask.

Changed in mplayer:
status: In Progress → Fix Committed
William Grant (wgrant) wrote :

mplayer (2:1.0~rc1-0ubuntu9.1) feisty-security; urgency=low

  * SECURITY UPDATE: buffer overrun in cddb code (LP: #118855).
  * stream/stream_cddb.c: Apply upstream patch.
  * References:
    - CVE-2007-2948

 -- William Grant <email address hidden> Mon, 11 Jun 2007 11:08:49 +1000

Changed in mplayer:
status: Fix Committed → Fix Released
William Grant (wgrant)
Changed in mplayer:
assignee: nobody → fujitsu
status: New → In Progress
assignee: nobody → fujitsu
status: New → In Progress
Kees Cook (kees)
Changed in mplayer:
status: In Progress → Triaged
status: In Progress → Triaged
William Grant (wgrant)
Changed in mplayer:
status: Triaged → In Progress
William Grant (wgrant)
Changed in mplayer:
status: Triaged → In Progress
Kees Cook (kees)
Changed in mplayer:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
William Grant (wgrant)
Changed in mplayer:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.