Ubuntu
mplayer package

lp:ubuntu/hardy-security/mplayer

Hardy (8.04)
hardy-security

Created by James Westby on 2009-08-19 and last modified on 2011-03-10

Get this branch:: bzr branch lp:ubuntu/hardy-security/mplayer

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

46. By Firas Kraïem on 2011-03-08

* SECURITY UPDATE: Integer signedness error in the fourxm_read_header
  function in libavformat/4xm.c in FFmpeg before revision 16846 allows
  remote attackers to execute arbitrary code via a malformed 4X movie
  file with a large current_track value, which triggers a NULL pointer
  dereference. (LP: #731625)
  - libavformat/4xm.c - patch from ffmpeg package in hardy-security
  - References:
    + CVE-2009-0385

45. By Stefan Lesicnik on 2008-10-08

* SECURITY UPDATE: Multiple integer underflows in MPlayer 1.0_rc2 and
  earlier allow remote attackers to cause a denial of service
  (process termination) and possibly execute arbitrary code via a
  crafted video file that causes the stream_read function to read or
  write arbitrary memory. (LP: #279030)
  - libmpdemux/demux_real.c - patch from oCert.
  - References:
    + CVE-2008-3827
    + http://www.ocert.org/advisories/ocert-2008-013.html

44. By William Grant on 2008-04-06

* SECURITY UPDATE: arbitrary code execution via crafted RTSP stream.
  (LP: #212601)
  - stream/realrtsp/sdpplin.c: Properly check the stream ID. Patch from
    upstream.
  - References:
    + CVE-2008-1558

43. By Matti Lindell <email address hidden> on 2008-03-25

Modify mplayer.desktop to support opening URIs with spaces (LP: #164709).

42. By William Grant on 2008-03-24

Actually drop the runtime CPU detection configure flag from the
arch-global variable, which I apparently missed in bzr last time.

41. By William Grant on 2008-03-24

* Only build-depend on libsvga1-dev on i386 and amd64; it doesn't exist
anywhere else.
* Only enable runtime CPU detection on i386, amd64 and powerpc. Fixes FTBFS
on [!i386 amd64 powerpc].

40. By William Grant on 2008-03-24

[ Luke Yelavich ]
* etc/example.conf: Use pulseaudio by default, and fallback to alsa.

[ William Grant ]
* SECURITY UPDATE: buffer overruns in CDDB, MOV demuxer, FLAC header parser,
  and URL parser. (LP: #191488)
* libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c,
  stream/url.c: Patches from upstream.
* References:
  - CVE-2008-0485
  - CVE-2008-0486
  - CVE-2008-0629
  - CVE-2008-0630
* debian/rules: Unset CFLAGS, to make it build again.

39. By Jani Monoses on 2008-02-06

Use DejaVu instead of Bitstream Vera for subtitles so they show
correct characters for many non-English languages (LP: #48497)

38. By Mario Limonciello on 2008-01-23

* Add debian/mime to install mime types in (g)mplayer.
* Rebuild against newer x264 (LP: 177082, 172683, 181389)

37. By Mario Limonciello on 2008-01-22

* debian/rules:
- Drop old get-orig-source to avoid confusion.
* debian/control:
- Build depend on newer faac for libmp4v2 transition. (LP: 181389)

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/karmic/mplayer

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntumplayer package