found 524805 1.0~rc2-17+lenny3
notfound 524805 1.0~rc3+svn20090405-1

On Mon, Apr 20, 2009 at 04:00:15 (CEST), Michael S. Gilbert wrote:

> The following CVE (Common Vulnerabilities & Exposures) id was
> published for mplayer.
> CVE-2009-0385[0]:
> | Integer signedness error in the fourxm_read_header function in
> | libavformat/4xm.c in FFmpeg before revision 16846 allows remote
> | attackers to execute arbitrary code via a malformed 4X movie file with
> | a large current_track value, which triggers a NULL pointer
> | dereference.
> See fedora security announcement for more details [1].
> Please coordinate with the security team to prepare updated packages
> for the stable releases.

Fortunately, this does not affect the version in squeeze, 'only' the
version in stable. This patch should fix the issue:;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17

Reinhard Tartler, KeyID 945348A4

pkg-multimedia-maintainers mailing list

Reply via email to