FS#9474 - mplayer security issue

Attached to Project: Arch Linux
Opened by Martin Schmidt (Blind) - Tuesday, 05 February 2008, 20:15 GMT
Last edited by Thomas Bächler (brain0) - Tuesday, 26 February 2008, 14:40 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Thomas Bächler (brain0)
Architecture All
Severity High
Priority Normal
Reported Version 2007.08-2
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

http://www.mplayerhq.hu/design7/news.html
Security issue in mplayer 1.0 RC2

Several security issues need to be fixed.

Additional info:
* package version(s)
* config and/or log files etc.


Steps to reproduce:
This task depends upon

Closed by  Thomas Bächler (brain0)
Tuesday, 26 February 2008, 14:40 GMT
Reason for closing:  Fixed
Comment by Roman Kyrylych (Romashka) - Monday, 11 February 2008, 22:55 GMT
ping
Comment by Joe Banks (yabbadabbadont) - Monday, 18 February 2008, 06:46 GMT
Ping...

To make it easy on the package maintainer, here are links to the security patches that need to be applied to 1.0rc2:

http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff
http://www.mplayerhq.hu/MPlayer/patches/demux_mov_fix_20080129.diff
http://www.mplayerhq.hu/MPlayer/patches/url_fix_20080120.diff
http://www.mplayerhq.hu/MPlayer/patches/stream_cddb_fix_20080120.diff
Comment by Joe Banks (yabbadabbadont) - Monday, 18 February 2008, 23:27 GMT
To make things worse, the URL listed in the PKGBUILD for mplayer is not accessible using an anonymous ftp login, so makepkg fails to download the source.
Comment by Filip Wojciechowski (fwojciec) - Wednesday, 20 February 2008, 22:51 GMT
To make things easier still for the package maintainer... I've posted a working PKGBUILD that includes the patches (otherwise it is identical to the current PKGBUILD) in this thread: [url]http://bbs.archlinux.org/viewtopic.php?id=43461[/url].

Loading...