[MPlayer-dev-eng] [SECURITY] heap-based buffer overflow in libmpdemux/aviheader.c - fixed in SVN already?
Dominik 'Rathann' Mierzejewski
dominik at rangers.eu.org
Sat Sep 22 12:48:48 CEST 2007
Am I correct in thinking that r24447 fixes that?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938
If what they say here:
http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt
...
DISCLOSURE TIMELINE:
====================
1: 2007-07-30 notice MPlayer vendor
2: 2007-07-31 the vendor reply
...
is true, then why was the fix committed only 8 days ago?
Regards,
R.
--
MPlayer developer and RPMs maintainer: http://mplayerhq.hu http://rpm.livna.org
There should be a science of discontent. People need hard times and
oppression to develop psychic muscles.
-- from "Collected Sayings of Muad'Dib" by the Princess Irulan
More information about the MPlayer-dev-eng
mailing list