found 524805 1.0~rc2-17+lenny3
notfound 524805 1.0~rc3+svn20090405-1
stop

On Mon, Apr 20, 2009 at 04:00:15 (CEST), Michael S. Gilbert wrote:

> The following CVE (Common Vulnerabilities & Exposures) id was
> published for mplayer.
>
> CVE-2009-0385[0]:
> | Integer signedness error in the fourxm_read_header function in
> | libavformat/4xm.c in FFmpeg before revision 16846 allows remote
> | attackers to execute arbitrary code via a malformed 4X movie file with
> | a large current_track value, which triggers a NULL pointer
> | dereference.
>
> See fedora security announcement for more details [1].
>
> Please coordinate with the security team to prepare updated packages
> for the stable releases.

Fortunately, this does not affect the version in squeeze, 'only' the
version in stable. This patch should fix the issue:

http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4



_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to