Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
This update fixes various minor crashes in mplayer, which
don't warrant a DSA by themselves. I've run the PoCs against
the updated build where applicable and also tested various
random media files.
Note this isn't fixed in unstable, since mplayer FTBFSes
with ffmpeg 5.0 and won't be in bookworm (#1005899).
Cheers,
Moritz
diff -Nru mplayer-1.4+ds1/debian/changelog mplayer-1.4+ds1/debian/changelog
--- mplayer-1.4+ds1/debian/changelog2020-10-15 00:13:44.0 +0200
+++ mplayer-1.4+ds1/debian/changelog2022-11-28 21:31:43.0 +0100
@@ -1,3 +1,19 @@
+mplayer (2:1.4+ds1-1+deb11u1) bullseye; urgency=medium
+
+ * Backport the following commits:
+d19ea1ce173e95c31b0e8acbe471ea26c292be2b (CVE-2022-38850)
+58db9292a414ebf13a2cacdb3ffa967fb9036935 (CVE-2022-38851)
+2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (CVE-2022-38855)
+92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (CVE-2022-38858)
+62fe0c63cf4fba91efd29bbc85309280e1a99a47 (CVE-2022-38860)
+2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (CVE-2022-38861)
+b5e745b4bfab2835103a060094fae3c6cc1ba17d (CVE-2022-38863)
+36546389ef9fb6b0e0540c5c3f212534c34b0e94 (CVE-2022-38864)
+33d9295663c37a37216633d7e3f07e7155da6144 (CVE-2022-38865)
+373517da3bb5781726565eb3114a2697b13f00f2 (CVE-2022-38866)
+
+ -- Moritz Mühlenhoff Mon, 28 Nov 2022 21:31:43 +0100
+
mplayer (2:1.4+ds1-1) unstable; urgency=medium
* Team upload
diff -Nru
mplayer-1.4+ds1/debian/patches/CVE-2022-38850_CVE-2022-38851_CVE-2022-38855_CVE-2022-38858_CVE-2022-38860_CVE-2022-38861_CVE-2022-38863_CVE-2022-38864_CVE-2022-38865_CVE-2022-38866.patch
mplayer-1.4+ds1/debian/patches/CVE-2022-38850_CVE-2022-38851_CVE-2022-38855_CVE-2022-38858_CVE-2022-38860_CVE-2022-38861_CVE-2022-38863_CVE-2022-38864_CVE-2022-38865_CVE-2022-38866.patch
---
mplayer-1.4+ds1/debian/patches/CVE-2022-38850_CVE-2022-38851_CVE-2022-38855_CVE-2022-38858_CVE-2022-38860_CVE-2022-38861_CVE-2022-38863_CVE-2022-38864_CVE-2022-38865_CVE-2022-38866.patch
1970-01-01 01:00:00.0 +0100
+++
mplayer-1.4+ds1/debian/patches/CVE-2022-38850_CVE-2022-38851_CVE-2022-38855_CVE-2022-38858_CVE-2022-38860_CVE-2022-38861_CVE-2022-38863_CVE-2022-38864_CVE-2022-38865_CVE-2022-38866.patch
2022-11-28 21:31:07.0 +0100
@@ -0,0 +1,235 @@
+Backports of the following commits:
+
+d19ea1ce173e95c31b0e8acbe471ea26c292be2b (CVE-2022-38850)
+[PATCH] vd.c: sanity-check aspect adjustment
+
+58db9292a414ebf13a2cacdb3ffa967fb9036935 (CVE-2022-38851)
+PATCH] asfheader.c: Fix CHECKDEC macro.
+
+2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (CVE-2022-38855)
+[PATCH] demux_mov.c: Add bounds checks to debug prints.
+
+92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (CVE-2022-38858)
+[PATCH] demux_mov.c: robustness fixes.
+
+62fe0c63cf4fba91efd29bbc85309280e1a99a47 (CVE-2022-38860)
+[PATCH] demux_avi.c: check that sh->wf exists before using it.
+
+2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (CVE-2022-38861)
+[PATCH] mp_image.c: fix allocation size for formats with odd width.
+
+b5e745b4bfab2835103a060094fae3c6cc1ba17d (CVE-2022-38863)
+[PATCH] mpeg_hdr.c: Allocate 0xff initialized padding.
+
+36546389ef9fb6b0e0540c5c3f212534c34b0e94 (CVE-2022-38864)
+[PATCH] mpeg_hdr.c: Fix unescape code.
+
+33d9295663c37a37216633d7e3f07e7155da6144 (CVE-2022-38865)
+[PATCH] demux_avi.c: Fixup invalid audio block size.
+
+373517da3bb5781726565eb3114a2697b13f00f2 (CVE-2022-38866)
+[PATCH] aviheader.c: Fix allocation size for vprp
+
+
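Review bot: The description line for 58db9292a414ebf13a2cacdb3ffa967fb9036935 (CVE-2022-38851) in this patch header reads `PATCH] asfheader.c: Fix CHECKDEC macro.` and is missing its opening bracket, while the other nine entries use `[PATCH]`. Because ten upstream commits are folded into one patch file, consider either one file per CVE or a DEP-3 style Origin field per commit, so that a single fix can be dropped or re-backported without touching the rest.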
+--- mplayer-1.4+ds1.orig/libmpcodecs/mp_image.c
mplayer-1.4+ds1/libmpcodecs/mp_image.c
+@@ -51,8 +51,12 @@ void mp_image_alloc_planes(mp_image_t *m
+ }
+ mpi->planes[0]=av_malloc(mpi->bpp*mpi->width*(mpi->height+2)/8+
+ mpi->chroma_width*mpi->chroma_height);
+- } else
+-mpi->planes[0]=av_malloc(mpi->bpp*mpi->width*(mpi->height+2)/8);
++ } else {
++// for odd width round up to be on the safe side,
++// required in particular for planar formats
++int alloc_w = mpi->width + (mpi->width & 1);
++mpi->planes[0]=av_malloc(mpi->bpp*alloc_w*(mpi->height+2)/8);
++ }
+ if (mpi->flags_IMGFLAG_PLANAR) {
+ int bpp = IMGFMT_IS_YUVP16(mpi->imgfmt)? 2 : 1;
+ // YV12/I420/YVU9/IF09. feel free to add other planar formats here...
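Review bot: The odd-width round-up is applied only in the new `else` branch; the allocation just above it still sizes the buffer from `mpi->bpp*mpi->width*(mpi->height+2)/8` plus the chroma term, with the unrounded width. If that first branch cannot be reached with an odd width, a comment saying so would help; otherwise it should use the same `alloc_w`. The added comment also says "to be on the safe side" without stating which later access needs the extra column, which makes the fix hard to verify from the hunk alone.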
+--- mplayer-1.4+ds1.orig/libmpcodecs/vd.c
mplayer-1.4+ds1/libmpcodecs/vd.c
+@@ -332,7 +332,7 @@ int mpcodecs_config_vo(sh_video_t *sh, i
+ screen_size_y = screen_size_xy * sh->disp_h / sh->disp_w;
+ }
+ }
+-if (sh->aspect >= 0.01) {
++if (sh->aspect >= 0.01 && sh->aspect <= 100) {
+ int w;
+ mp_msg(MSGT_CPLAYER, MSGL_INFO, MSGTR_MovieAspectIsSet,
+sh->aspect);
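Review bot: The new upper bound in `sh->aspect <= 100` is a bare literal with no comment on why 100 is the cut-off or what goes wrong above it. A short comment or a named constant covering both the existing 0.01 lower bound and the new limit would make the sanity check reviewable. It is also worth confirming that an out-of-range value is reported to the user rather than silently skipped.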
+@@ -350,6 +350,8 @@ int mpcodecs_config_vo(sh_video_t *sh, i
+ } else {
+ mp_msg(MSGT_CPLAYER, MSGL_INFO, MSGTR_MovieAspectUndefined);
+