found 524805 1.0~rc2-17+lenny3
notfound 524805 1.0~rc3+svn20090405-1
stop

On Mon, Apr 20, 2009 at 04:00:15 (CEST), Michael S. Gilbert wrote:
> The following CVE (Common Vulnerabilities & Exposures) id was
> published for mplayer.
>
> CVE-2009-0385[0]:
> | Integer signedness error in the fourxm_read_header function in
> | libavformat/4xm.c in FFmpeg before revision 16846 allows remote
> | attackers to execute arbitrary code via a malformed 4X movie file with
> | a large current_track value, which triggers a NULL pointer
> | dereference.
>
> See fedora security announcement for more details [1].
>
> Please coordinate with the security team to prepare updated packages
> for the stable releases.

Fortunately, this does not affect the version in squeeze, 'only' the
version in stable.

This patch should fix the issue:
http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
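
The bug class named in the CVE text above, shown from the defensive side as an added example: this is not FFmpeg's code and not the linked patch. Track, Demux, set_track, rl32 and MAX_TRACKS are hypothetical names, and the 1024 limit is an assumed policy value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKS 1024u /* assumed policy limit, not a value from FFmpeg */

typedef struct { int channels, sample_rate; } Track;            /* hypothetical */
typedef struct { Track *tracks; uint32_t track_count; } Demux;  /* hypothetical */

/* Decode a 32-bit little-endian header field as unsigned. */
static uint32_t rl32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Store parameters for the track index found in a file-supplied field.
 * The index stays unsigned and is bounded before any arithmetic: with a
 * signed int, 0x7fffffff + 1 overflows, so a growth test written as
 * "index + 1 > count" cannot be trusted. Returns 0 on success, -1 if the
 * input is rejected or allocation fails. */
int set_track(Demux *d, const uint8_t *field, int channels, int sample_rate) {
    uint32_t idx = rl32(field);
    if (idx >= MAX_TRACKS)
        return -1;                       /* reject before touching the table */
    if (idx >= d->track_count) {
        size_t n = (size_t)idx + 1;      /* cannot overflow: idx < MAX_TRACKS */
        Track *t = realloc(d->tracks, n * sizeof(*t));
        if (!t)
            return -1;                   /* old table stays valid on failure */
        memset(t + d->track_count, 0, (n - d->track_count) * sizeof(*t));
        d->tracks = t;
        d->track_count = (uint32_t)n;
    }
    d->tracks[idx].channels = channels;
    d->tracks[idx].sample_rate = sample_rate;
    return 0;
}

int main(void) {
    /* Constructed sample fields: index 2, then index 0x7fffffff. */
    const uint8_t ok[4] = {2, 0, 0, 0}, big[4] = {0xff, 0xff, 0xff, 0x7f};
    Demux d = {0};
    printf("index 2: %d\n", set_track(&d, ok, 2, 22050));
    printf("index 0x7fffffff: %d\n", set_track(&d, big, 1, 8000));
    free(d.tracks);
    return 0;
}
```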