[MPlayer-DOCS] CVS: homepage/src news.src.en,1.240,1.241
Diego Biurrun CVS
syncmail at mplayerhq.hu
Tue Aug 30 11:37:43 CEST 2005
CVS change done by Diego Biurrun CVS
Update of /cvsroot/mplayer/homepage/src
In directory mail:/var2/tmp/cvs-serv8219/src
Modified Files:
news.src.en
Log Message:
spelling/wording/cosmetics
Index: news.src.en
===================================================================
RCS file: /cvsroot/mplayer/homepage/src/news.src.en,v
retrieving revision 1.240
retrieving revision 1.241
diff -u -r1.240 -r1.241
--- news.src.en 27 Aug 2005 20:58:10 -0000 1.240
+++ news.src.en 30 Aug 2005 09:37:40 -0000 1.241
@@ -7,38 +7,38 @@
<div class="newsentry">
<h2>
- <a name="server_thanks">2005.08.26, Friday :: Heap buffer overflow in ad_pcm.c</a>
+ <a name="server_thanks">2005.08.26, Friday :: heap overflow in ad_pcm.c</a>
<br><span class="poster">posted by Attila</span>
</h2>
<p>
-There is a bug which, depending on configuration, can lead to a heap buffer overflow.
-If and under which circumstances this is exploitable is unclear to us as of now.
-We are aware that at least one person was able to write a working exploit on
-his system using an avi file with uncompressed pcm audio.
-We have found a file that is supposed exploit it but could not make it work, but
+There is a bug which, depending on configuration, can lead to a heap overflow.
+If and under which circumstances this is exploitable is unclear to us as of
+now. We are aware that at least one person was able to write a working
+exploit on his system using an AVI file with uncompressed PCM audio.
+We have found a file that is supposed to exploit it but could not make it work,
still we do not want to put you at risk by waiting longer to publish this.
</p>
<h3>Solution</h3>
<p>
-A
-<a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpcodecs/ad_pcm.c.diff?r1=1.18&r2=1.19">patch</a>
+A <a href="http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpcodecs/ad_pcm.c.diff?r1=1.18&r2=1.19">fix</a>
for this problem was committed to CVS on Thu Aug 25 19:46:20 2005 UTC.
You can download a patch for MPlayer 1.0pre7
<a href="http://www4.mplayerhq.hu/MPlayer/patches/ad_pcm_fix_20050826.diff">here.</a>
</p>
<p>
-Adding "ac=-pcm," (notice the trailing ',') to the config file is a quick fix that should keep you
-safe as long as you don't use the -ac option on the commandline. Though you will not be able to play uncompressed
-audio then.
+Adding <code>ac=-pcm,</code> (notice the trailing ',') to your configuration
+file is a quick fix that should keep you safe as long as you don't use the
+<code>-ac</code> option on the command line. It will prevent you from playing
+uncompressed audio, though.
</p>
<p>
-We also prepared a new tarball for pre7 release with the fix already applied.
-Please note that this is not a new release of MPlayer, if you want to have all
-the new features introduced after pre7 you should use CVS version.
+We also prepared a new tarball for the pre7 release with the fix applied.
+Please note that this is not a new MPlayer release, if you want to have all
+the new features introduced after pre7 you should use the CVS version.
</p>
<h3>Affected versions</h3>
@@ -46,7 +46,7 @@
<p>
MPlayer 1.0pre7 and before<br>
Up to now the only version where an exploit was demonstrated is
-MPlayer 1.0pre7, but the bug is present also in all previous versions.
+MPlayer 1.0pre7, but the bug is present in all previous versions.
</p>
@@ -93,6 +93,7 @@
</div>
+
<div class="newsentry">
<h2>
More information about the MPlayer-DOCS
mailing list