[MPlayer-cvslog] r29184 - branches/1.0rc1/libmpdemux/demux_vqf.c
uoti.urpala at pp1.inet.fi
Thu Apr 16 02:01:21 CEST 2009
On Wed, 2009-04-15 at 19:40 -0400, compn wrote:
> On Thu, 16 Apr 2009 00:38:31 +0200 (CEST), siretart wrote:
> >Author: siretart
> >Date: Thu Apr 16 00:38:30 2009
> >New Revision: 29184
> >SA33136: MPlayer TwinVQ Processing Buffer Overflow Vulnerability
> >Thanks to T. Klein, G. Iuculano, R. Döffinger. cf http://bugs.debian.org/508803
> >Fixes CVE-2008-5616.
> shouldnt one bump the minor version number in such fixes?
> like 1.0rc1.1 or 1.0rc1try2 ?
> how will we tell good rc1 vqf from bad rc1 vqf ?
> not that this matters much as we dont support rc1 anyways.
> (btw are you planning to patch rc2 too?)
I think he meant to patch rc3 but used the wrong branch.
More information about the MPlayer-cvslog