lp:ubuntu/dapper-security/mplayer
- Get this branch:
- bzr branch lp:ubuntu/dapper-security/mplayer
Branch merges
Branch information
Recent revisions
- 13. By Stefan Lesicnik
-
* SECURITY UPDATE: Multiple integer underflows in MPlayer 1.0_rc2 and
earlier allow remote attackers to cause a denial of service
(process termination) and possibly execute arbitrary code via a
crafted video file that causes the stream_read function to read or
write arbitrary memory (LP: #279030)
- debian/patches/69_CVE-2008-3827.dpatch: Address various integer
underflows. Patch from oCert.org.
- http://www.ocert.org/advisories/ocert-2008-013.html
- CVE-2008-3827
* SECURITY UPDATE: Uncontrolled array index in the sdpplin_parse function in
stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to
overwrite memory and execute arbitrary code via a large streamid SDP
parameter. (LP: #212601).
- debian/patches/68_CVE-2008-1558.dpatch: Properly check the stream ID.
Patch from upstream.
- CVE-2008-1558
- 12. By William Grant
-
* SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, and URL
parser. (LP: #191488)
* debian/patches/{64_CVE-2008-0225_0238,65_CVE-2008-0485,66_CVE-2008-0629,
67_CVE-2008-0630}.dpatch: Patches from upstream.
* References:
- CVE-2008-0225
- CVE-2008-0238
- CVE-2008-0485
- CVE-2008-0629
- CVE-2008-0630
- 11. By William Grant
-
* SECURITY UPDATE: buffer overruns in CDDB (LP: #118855), DMO decoder
(LP: #92968), RTSP handler (LP: #163291) and ASF decoder (LP: #163293).
* debian/patches/61_CVE-2006-1502.dpatch: Ensure that ASF index chunks are
of a sane size. Patch from Mandriva.
* debian/patches/62_CVE-2006-6172.dpatch: Don't match too many ASM rules,
lest we overrun the buffers. Patch provided by upstream.
* debian/patches/60_CVE-2007-1246.dpatch: Avoid buffer overrun in DMO
decoder. Patch from upstream SVN.
* debian/patches/63_CVE-2007-2948.dpatch: Don't take strings of unlimited
length from CDDB input. Patch from upstream SVN.
* References
CVE-2006-1502
CVE-2006-6172
CVE-2007-1246
CVE-2007-2948
- 10. By Sebastian Dröge
-
* 07_hig-compliant-desktop-file.dpatch:
- Use a more HIG compliant name for mplayer in the .desktop file.
Thanks to Matthew East for the patch (Ubuntu: #38205)
* 08_nsv-support.dpatch:
- Add support for specific NSV files. Thanks to Dana Olson for the patch.
(Ubuntu: #44831)
- 9. By Sebastian Dröge
-
* debian/patches/06_close_gracefully.dpatch:
+ Close gracefully when closing the mplayer window (Ubuntu: #38737)
- 8. By Reinhard Tartler
-
* add libx264-dev to builddeps and activate that in debian rules
Thanks to Yagisan (Closes: M#31519)
* disable external faad (Closes: M#33828)
* add some of the scripts which upstream distributes in TOOLS/ to
/usr/share/doc/mplayer/examples. Please report bugs if you want
additional scripts added there.
- 7. By Daniel T Chen
-
* [SECURITY]: Fix heap overflow in libmpdemux/demuxer.h. Patch
retrieved from upstream CVS courtesy of Dennis Kaarsemaker.
* References
- CVE-2006-0579
- http://bugs.gentoo.org/show_bug.cgi?id=122029
- 6. By Oliver Grawert
-
added 05_gnome-screensaver-handling.dpatch to add support for
gnome-screensaver to the -stop-xscreensaver option
- 4. By Reinhard Tartler
-
* enable libaa and libcaca support
- enable in debian/rules
- fix configure to link mplayer with -laa (update 03_fix-linking.dpatch)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/mplayer