[MPlayer-cvslog] r29184 - branches/1.0rc1/libmpdemux/demux_vqf.c
tempn at twmi.rr.com
Thu Apr 16 03:15:09 CEST 2009
On Thu, 16 Apr 2009 03:01:21 +0300, Uoti Urpala wrote:
>On Wed, 2009-04-15 at 19:40 -0400, compn wrote:
>> On Thu, 16 Apr 2009 00:38:31 +0200 (CEST), siretart wrote:
>> >Author: siretart
>> >Date: Thu Apr 16 00:38:30 2009
>> >New Revision: 29184
>> >SA33136: MPlayer TwinVQ Processing Buffer Overflow Vulnerability
>> >Thanks to T. Klein, G. Iuculano, R. Döffinger. cf http://bugs.debian.org/508803
>> >Fixes CVE-2008-5616.
>> shouldnt one bump the minor version number in such fixes?
>> like 1.0rc1.1 or 1.0rc1try2 ?
>> how will we tell good rc1 vqf from bad rc1 vqf ?
>> not that this matters much as we dont support rc1 anyways.
>> (btw are you planning to patch rc2 too?)
>I think he meant to patch rc3 but used the wrong branch.
no, the CVE is from 2008, rc3 is 2009/r29073 and i didnt quote:
>> >Sceurity fix backported from 28149
so this fix is in rc3 already.
More information about the MPlayer-cvslog