[MPlayer-announce] MPlayer 1.0pre5try2 released
Roberto Togni
r_togni at tiscali.it
Thu Dec 16 01:00:16 CET 2004
Vulnerability fixes
Multiple vulnerabilities were discovered in MPlayer by iDEFENSE, and
more were
found by us while reviewing the code:
* potential heap overflow in Real rtsp streaming code
* potential stack overflow in mmst streaming code
* multiple buffer overflows in bmp demuxer
* potential heap overflow in pnm streaming code
* potential buffer overflow in mp3lib
All issues affect both pre5 and CVS version.
0.93 version is obsolete and was not checked nor fixed.
All problems were fixed, and the bmp demuxer was also disabled because
it's
useless and requires further analysis to be totally safe.
* pre5 users: upgrade to pre5try2 or apply the cumulative patch
* CVS users: cvs update
An updated build from CVS is also available for Windows users at
http://www1.mplayerhq.hu/MPlayer/releases/win32_beta
Detailed advisory will follow.
MPlayer 1.0pre5try2 can be downloaded from the following locations:
* Hungary 1
http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2
http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2
* Hungary 2
href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2
ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2
* USA 2
http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2
ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2
* Switzerland
http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2
* Australia
ftp://ftp6.mplayerhq.hu/pub/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2
* Bulgaria
ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2
MD5SUM: 724c905a8dddb7e8ec9722fc585f833d
Individual patches and cumulative patch can be downloaded here:
http://www1.mplayerhq.hu/MPlayer/patches/
More information about the MPlayer-announce
mailing list