Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/mplayer
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

46. By Firas Kraïem

* SECURITY UPDATE: Integer signedness error in the fourxm_read_header
  function in libavformat/4xm.c in FFmpeg before revision 16846 allows
  remote attackers to execute arbitrary code via a malformed 4X movie
  file with a large current_track value, which triggers a NULL pointer
  dereference. (LP: #731625)
  - libavformat/4xm.c - patch from ffmpeg package in hardy-security
  - References:
    + CVE-2009-0385

45. By Stefan Lesicnik

* SECURITY UPDATE: Multiple integer underflows in MPlayer 1.0_rc2 and
  earlier allow remote attackers to cause a denial of service
  (process termination) and possibly execute arbitrary code via a
  crafted video file that causes the stream_read function to read or
  write arbitrary memory. (LP: #279030)
  - libmpdemux/demux_real.c - patch from oCert.
  - References:
    + CVE-2008-3827
    + http://www.ocert.org/advisories/ocert-2008-013.html

44. By William Grant

* SECURITY UPDATE: arbitrary code execution via crafted RTSP stream.
  (LP: #212601)
  - stream/realrtsp/sdpplin.c: Properly check the stream ID. Patch from
  - References:
    + CVE-2008-1558

43. By Matti Lindell <email address hidden>

Modify mplayer.desktop to support opening URIs with spaces (LP: #164709).

42. By William Grant

Actually drop the runtime CPU detection configure flag from the
arch-global variable, which I apparently missed in bzr last time.

41. By William Grant

* Only build-depend on libsvga1-dev on i386 and amd64; it doesn't exist
  anywhere else.
* Only enable runtime CPU detection on i386, amd64 and powerpc. Fixes FTBFS
  on [!i386 amd64 powerpc].

40. By William Grant

[ Luke Yelavich ]
* etc/example.conf: Use pulseaudio by default, and fallback to alsa.

[ William Grant ]
* SECURITY UPDATE: buffer overruns in CDDB, MOV demuxer, FLAC header parser,
  and URL parser. (LP: #191488)
* libmpdemux/demux_audio.c, libmpdemux/demux_mov.c, stream/stream_cddb.c,
  stream/url.c: Patches from upstream.
* References:
  - CVE-2008-0485
  - CVE-2008-0486
  - CVE-2008-0629
  - CVE-2008-0630
* debian/rules: Unset CFLAGS, to make it build again.

39. By Jani Monoses

Use DejaVu instead of Bitstream Vera for subtitles so they show
correct characters for many non-English languages (LP: #48497)

38. By Mario Limonciello

* Add debian/mime to install mime types in (g)mplayer.
* Rebuild against newer x264 (LP: 177082, 172683, 181389)

37. By Mario Limonciello

* debian/rules:
  - Drop old get-orig-source to avoid confusion.
* debian/control:
  - Build depend on newer faac for libmp4v2 transition. (LP: 181389)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.