Public bug reported: Binary package hint: mplayer
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for mplayer. CVE-2008-0630[0]: | Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 | allows remote attackers to execute arbitrary code via a crafted URL | that prevents the IPv6 parsing code from setting a pointer to NULL, | which causes the buffer to be reused by the unescape code. You can find a patch for this on: http://svn.mplayerhq.hu/mplayer/trunk/stream/url.c?r1=25820&r2=25823 ** Affects: mplayer (Ubuntu) Importance: High Status: New ** Affects: mplayer (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0630 ** Changed in: mplayer (Ubuntu) Importance: Undecided => High ** Bug watch added: Debian Bug tracker #464532 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464532 ** Also affects: mplayer (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464532 Importance: Unknown Status: Unknown ** Description changed: Binary package hint: mplayer Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for mplayer. CVE-2008-0630[0]: | Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 | allows remote attackers to execute arbitrary code via a crafted URL | that prevents the IPv6 parsing code from setting a pointer to NULL, | which causes the buffer to be reused by the unescape code. You can find a patch for this on: - http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=25820&r2=25824 + http://svn.mplayerhq.hu/mplayer/trunk/stream/url.c?r1=25820&r2=25823 -- CVE-2008-0630 buffer overflow via crafted url https://bugs.launchpad.net/bugs/191410 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
