Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-security/mplayer
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

13. By Stefan Lesicnik

* SECURITY UPDATE: Multiple integer underflows in MPlayer 1.0_rc2 and
  earlier allow remote attackers to cause a denial of service
  (process termination) and possibly execute arbitrary code via a
  crafted video file that causes the stream_read function to read or
  write arbitrary memory (LP: #279030)
  - debian/patches/69_CVE-2008-3827.dpatch: Address various integer
    underflows. Patch from oCert.org.
  - http://www.ocert.org/advisories/ocert-2008-013.html
  - CVE-2008-3827
* SECURITY UPDATE: Uncontrolled array index in the sdpplin_parse function in
  stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to
  overwrite memory and execute arbitrary code via a large streamid SDP
  parameter. (LP: #212601).
  - debian/patches/68_CVE-2008-1558.dpatch: Properly check the stream ID.
    Patch from upstream.
  - CVE-2008-1558

12. By William Grant

* SECURITY UPDATE: buffer overruns in RMMF, CDDB, MOV demuxer, and URL
  parser. (LP: #191488)
* debian/patches/{64_CVE-2008-0225_0238,65_CVE-2008-0485,66_CVE-2008-0629,
  67_CVE-2008-0630}.dpatch: Patches from upstream.
* References:
  - CVE-2008-0225
  - CVE-2008-0238
  - CVE-2008-0485
  - CVE-2008-0629
  - CVE-2008-0630

11. By William Grant

* SECURITY UPDATE: buffer overruns in CDDB (LP: #118855), DMO decoder
  (LP: #92968), RTSP handler (LP: #163291) and ASF decoder (LP: #163293).
* debian/patches/61_CVE-2006-1502.dpatch: Ensure that ASF index chunks are
  of a sane size. Patch from Mandriva.
* debian/patches/62_CVE-2006-6172.dpatch: Don't match too many ASM rules,
  lest we overrun the buffers. Patch provided by upstream.
* debian/patches/60_CVE-2007-1246.dpatch: Avoid buffer overrun in DMO
  decoder. Patch from upstream SVN.
* debian/patches/63_CVE-2007-2948.dpatch: Don't take strings of unlimited
  length from CDDB input. Patch from upstream SVN.
* References

10. By Sebastian Dröge

* 07_hig-compliant-desktop-file.dpatch:
  - Use a more HIG compliant name for mplayer in the .desktop file.
    Thanks to Matthew East for the patch (Ubuntu: #38205)
* 08_nsv-support.dpatch:
  - Add support for specific NSV files. Thanks to Dana Olson for the patch.
    (Ubuntu: #44831)

9. By Sebastian Dröge

* debian/patches/06_close_gracefully.dpatch:
  + Close gracefully when closing the mplayer window (Ubuntu: #38737)

8. By Reinhard Tartler

* add libx264-dev to builddeps and activate that in debian rules
  Thanks to Yagisan (Closes: M#31519)
* disable external faad (Closes: M#33828)
* add some of the script which upstream distributs in TOOLS/ to
  /usr/share/doc/mplayer/examples. Please report bugs if you want
  additional scripts added there.

7. By Daniel T Chen

* [SECURITY]: Fix heap overflow in libmpdemux/demuxer.h. Patch
  retrieved from upstream CVS courtesy of Dennis Kaarsemaker.
* References
  - CVE-2006-0579
  - http://bugs.gentoo.org/show_bug.cgi?id=122029

6. By Oliver Grawert

added 05_gnome-screensaver-handling.dpatch to add support for
gnome-screensaver to the -stop-xscreensaver option

5. By Sebastian Dröge

Add support for real codecs on powerpc (Closes Malone: #29190)

4. By Reinhard Tartler

* enable libaa and libcaca support
  - enable in debian/rules
  - fix configure to link mplayer with -laa (update 03_fix-linking.dpatch)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.