[MPlayer-dev-eng] buffer overflow of the month
The Wanderer
inverseparadox at comcast.net
Thu Aug 25 19:24:18 CEST 2005
Diego Biurrun wrote:
> On Thu, Aug 25, 2005 at 06:04:33PM +0200, Attila Kinali wrote:
>
>> Sascha just posted the "advisory" of a german one man security
>> company on IRC:
>> http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt
>> Can someone confirm whether this is a normal sig11 or something
>> more serious ? If it's just a sig11 i would like to post a news
>> entry on the webpage as soon as possible to
>> 1) Tell people that it is not exploitable
>> 2) Tell people that we haven't been contacted
>
> You barely beat me to posting to dev-eng and this is exactly what I
> had planned. I assume this guy contacted /dev/null, otherwise we
> would have reacted quickly as usual. If he is really lying about
> contacting any of us he deserves to be flamed to a cinder on the
> homepage.
On the date cited in that text file for 'vendor contacted', there is a
post by someone with the name cited in 'issue found by' on -users which
appears at a glance to contain the same information as the text file. I
don't know why there was no reaction (people were busy and didn't notice
it?), but he does not appear to be lying.
--
The Wanderer
Warning: Simply because I argue an issue does not mean I agree with any
side of it.
A government exists to serve its citizens, not to control them.
More information about the MPlayer-dev-eng
mailing list