[MPlayer-DOCS] CVS: homepage/src news.src.en,1.162,1.163
Roberto Togni CVS
syncmail at mplayerhq.hu
Thu Dec 16 00:31:15 CET 2004
CVS change done by Roberto Togni CVS
Update of /cvsroot/mplayer/homepage/src
In directory mail:/var2/tmp/cvs-serv16766
Modified Files:
news.src.en
Log Message:
MPlayer-1.0pre5try2 released (vulnerability fixes)
Index: news.src.en
===================================================================
RCS file: /cvsroot/mplayer/homepage/src/news.src.en,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- news.src.en 9 Dec 2004 00:50:09 -0000 1.162
+++ news.src.en 15 Dec 2004 23:31:13 -0000 1.163
@@ -8,6 +8,99 @@
<div class="newsentry">
<h2>
+ <a name="mplayer10pre5try2">2004.12.15, Wednesday :: MPlayer 1.0pre5try2 released</a>
+ <br><span class="poster">posted by Roberto</span>
+</h2>
+
+<p>
+Vulnerability fixes
+</p>
+<p>
+Multiple vulnerabilities were discovered in MPlayer by iDEFENSE, and more
+were found by us while reviewing the code:
+</p>
+<ul>
+ <li>
+ potential heap overflow in Real rtsp streaming code
+ <a href="http://www1.mplayerhq.hu/MPlayer/patches/rtsp_fix_20041215.diff">patch here</a>
+ </li>
+ <li>
+ potential stack overflow in mmst streaming code
+ <a href="http://www1.mplayerhq.hu/MPlayer/patches/mmst_fix_20041215.diff">patch here</a>
+ </li>
+ <li>
+ multiple buffer overflows in bmp demuxer
+ <a href="http://www1.mplayerhq.hu/MPlayer/patches/bmp_fix_20041215.diff">patch here</a>
+ </li>
+ <li>
+ potential heap overflow in pnm streaming code
+ <a href="http://www1.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff">patch here</a>
+ </li>
+ <li>
+ potential buffer overflow in mp3lib
+ <a href="http://www1.mplayerhq.hu/MPlayer/patches/mp3_fix_20041215.diff">patch here</a>
+ </li>
+</ul>
+
+<p>
+All issues affect both pre5 and CVS version.<br>
+0.93 version is obsolete and was not checked nor fixed.
+</p>
+<p>
+All problems were fixed, and the bmp demuxer was also disabled because it's
+useless and requires further analysis to be totally safe.
+</p>
+<ul>
+ <li>
+ pre5 users: upgrade to pre5try2 or apply this
+ <a href="http://www1.mplayerhq.hu/MPlayer/patches/pre5-pre5try2.diff">cumulative patch</a>
+ </li>
+ <li>
+ CVS users: cvs update
+ </li>
+</ul>
+
+<p>
+An updated build from CVS is also available for Windows users
+<a href="http://www1.mplayerhq.hu/MPlayer/releases/win32-beta/">here</a>
+</p>
+
+<p>
+Detailed advisory will follow.
+</p>
+
+<p>
+MPlayer 1.0pre5try2 can be downloaded from the following locations:
+</p>
+
+<ul>
+ <li>Hungary 1
+ <a href="http://www1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
+ <a href="http://ftp1.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>Hungary 2
+ <a href="http://www2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
+ <a href="ftp://ftp2.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>USA 2
+ <a href="http://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a>
+ <a href="ftp://ftp5.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>Switzerland
+ <a href="http://www4.mplayerhq.hu/MPlayer/releases/MPlayer-1.0pre5try2.tar.bz2">HTTP</a></li>
+ <li>Australia
+ <a href="ftp://ftp6.mplayerhq.hu/pub/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+ <li>Bulgaria
+ <a href="ftp://ftp8.mplayerhq.hu/mplayer/releases/MPlayer-1.0pre5try2.tar.bz2">FTP</a></li>
+</ul>
+
+<p>
+MD5SUM: <b>724c905a8dddb7e8ec9722fc585f833d</b>
+</p>
+
+</div>
+
+
+<div class="newsentry">
+
+<h2>
<a name="LnmAward2004">2004.10.30, Saturday :: Linux New Media Award 2004</a>
<br><span class="poster">posted by Diego</span>
</h2>
More information about the MPlayer-DOCS
mailing list