[MPlayer-DOCS] [homepage]: r3255 - in trunk: design7/src/selector src/news-archive.src.en src/news.src.en

diego subversion at mplayerhq.hu
Sat Sep 13 15:44:03 CEST 2008


Author: diego
Date: Sat Sep 13 15:44:00 2008
New Revision: 3255

Log:
Move some old news entries to the archive.


Modified:
   trunk/design7/src/selector
   trunk/src/news-archive.src.en
   trunk/src/news.src.en

Modified: trunk/design7/src/selector
==============================================================================
--- trunk/design7/src/selector	(original)
+++ trunk/design7/src/selector	Sat Sep 13 15:44:00 2008
@@ -22,9 +22,9 @@
 		awards<br>
 		<a href="news.html#HUPAward2007">
 			<img src="../images/awards/hup2007-s.png" alt="HUP Readers' Choice Award 2007" width="29" height="29"></a>
-		<a href="news.html#LqAward2006">
+		<a href="news-archive.html#LqAward2006">
 			<img src="../images/awards/LQ-2006MCA-video-s.png" alt="2006 LinuxQuestions.org Members Choice Award" width="29" height="29"></a>
-		<a href="news.html#HUPAward2006">
+		<a href="news-archive.html#HUPAward2006">
 			<img src="../images/awards/hup2006-s.png" alt="HUP Readers' Choice Award 2006" width="29" height="29"></a>
 		<a href="news-archive.html#LqAward2005">
 			<img src="../images/awards/LQ-2005MCA-video-s.png" alt="2005 LinuxQuestions.org Members Choice Award" width="29" height="29"></a>
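Review bot: Only the two award links in this file (news.html#LqAward2006 and news.html#HUPAward2006) are retargeted, but the same commit also moves the anchors vuln15, LinuxTag2007, LinuxTag2007DonationsThanks and LinuxTag2007Donations out of news.src.en. Before committing, please search the rest of the site sources for references to news.html# followed by any of those six names and retarget them to news-archive.html as well. The two hrefs changed here do match the anchor names added to news-archive.src.en, and leaving HUPAward2007 on news.html is consistent with the entries that remain there.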

Modified: trunk/src/news-archive.src.en
==============================================================================
--- trunk/src/news-archive.src.en	(original)
+++ trunk/src/news-archive.src.en	Sat Sep 13 15:44:00 2008
@@ -9,6 +9,263 @@
 <div class="newsentry">
 
 <h2>
+	<a name="vuln15">2007-06-05, Tuesday :: stack overflow in stream_cddb.c</a>
+	<br><span class="poster">posted by Roberto</span>
+</h2>
+
+<h3>Summary</h3>
+
+<p>
+A stack overflow was found and reported by Stefan Cornelius of Secunia
+Research in the code used to handle CDDB queries. Two other similar issues
+were found by Reimar Döffinger while fixing the issue. The vulnerability is
+identified with CVE-2007-2948 and
+<a href="http://secunia.com/advisories/24302/">SAID 24302</a>.
+</p>
+
+<p>
+When copying the album title and category, no checking was performed on the size
+of the strings before storing them in a fixed-size array. A malicious entry in
+the database could trigger a stack overflow in the program, leading to arbitrary
+code execution with the UID of the user running MPlayer.
+</p>
+
+<h3>Severity</h3>
+
+<p>
+High (arbitrary remote code execution under the user ID running the player)
+when getting disk information from a malicious CDDB entry, null if you do not
+use this feature. Please note that it is possible to overwrite entries in the
+CDDB database, so an attack can also be performed via a non-compromised server.
+At the time the buffer overflow was fixed there was no known exploit in the
+wild.
+</p>
+
+<h3>Solution</h3>
+
+<p>
+A
+<a href="http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=23287&amp;r2=23470">fix</a>
+for this problem was committed to SVN on Tue Jun 5 11:13:32 2007 UTC as r23470.
+Users of affected MPlayer versions should download a
+<a href="../../MPlayer/patches/cddb_fix_20070605.diff">patch</a>
+for MPlayer 1.0rc1 or update to the latest version if they're using SVN.
+</p>
+
+<p>
+In case you can't upgrade or apply the suggested patch, these are some possible
+workarounds:
+</p>
+
+<ul>
+	<li>Don't use cddb:// URLs (be careful also with playlists)</li>
+	<li>Redirect freedb.freedb.org to 127.0.0.1 (e.g. via hosts file)</li>
+	<li>Recompile with --disable-cddb</li>
+</ul>
+
+<p>
+Please note that we are not releasing an updated tarball with this fix at the
+moment.<br>
+If you need to stay with 1.0rc1, get the MPlayer 1.0rc1 tarball,
+apply the patch with the fix and recompile MPlayer. If possible, however, we
+recommend that you upgrade to SVN.<br>
+If you decide to stay with rc1, don't forget to also apply this
+<a href="../../MPlayer/patches/asmrules_fix_20061231.diff">older fix.</a>
+If you mantain a binary package for MPlayer, please name the updated version
+MPlayer 1.0rc1try3.
+</p>
+
+<h3>Affected versions</h3>
+
+<p>
+MPlayer 1.0rc1, MPlayer 1.0rc1try2 and SVN before r23470 (Tue Jun 5 11:13:32
+2007 UTC).
+Older versions are probably affected, too, but they were not checked.
+</p>
+
+
+<h3>Unaffected versions</h3>
+
+<p>
+SVN HEAD after r23470 (Tue Jun 5 11:13:32 2007 UTC)<br>
+MPlayer 1.0rc1 + security patches
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+	<a name="LinuxTag2007">2007-05-13, Sunday :: MPlayer at LinuxTag 2007</a>
+	<br><span class="poster">posted by Roberto</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.linuxtag.org/2007">
+<img src="../images/linuxtag.png" alt="LinuxTag2007" width="119" height="80"></a>
+</p>
+
+<p>
+Like in previous years, MPlayer will be present at
+<a href="http://www.linuxtag.org/2007/en/home/welcome.html">LinuxTag</a>.
+This year the event will take place from May 30 to June 2 at Messe Berlin.
+<a href="http://ffmpeg.org/">FFmpeg</a> will be there, too.
+</p>
+
+<p>
+You are welcome to meet the developers and tell us your suggestions in Hall 12
+Booth 93.
+</p>
+
+<p>
+If you happen to be there on Friday morning we suggest you to attend the
+presentation
+<a href="http://www.linuxtag.org/2007/en/conf/events/vp-freitag/details.html?talkid=87">FFmpeg: Past, Present, And Future</a>
+by <a href="http://multimedia.cx/eggs/">Mike Melanson</a>, an FFmpeg developer
+and well-known multimedia hacker.
+</p>
+
+<p>
+See you in Berlin!
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+	<a name="LinuxTag2007DonationsThanks">2007-04-17, Tuesday :: Thanks</a>
+	<br><span class="poster">posted by Guillaume</span>
+</h2>
+
+<p>
+We would like to thank all the generous people who donated towards helping
+us organizing LinuxTag this year.
+Like last time when our server had broken down, the donations exceeded our
+expectations and are now closed.
+</p>
+
+<p>
+The list of donors can be found on the <a href="donations.html">donations</a>
+page.
+Please <a href="mailto:&#103;&#112;&#111;&#105;&#114;&#105;&#101;&#114;&#64;m&#112;l&#97;&#121;e&#114;&#104;&#113;&#46;&#104;&#117;">mail me</a>
+if you would like to have your name removed.
+</p>
+
+<p>
+Many thanks to all of you!
+</p>
+</div>
+
+
+<div class="newsentry">
+
+
+<h2>
+	<a name="LinuxTag2007Donations">2007-03-14, Thursday :: Donations request for travel expenses to LinuxTag</a>
+	<br><span class="poster">posted by Guillaume</span>
+</h2>
+
+<p>
+Like every year, the FFmpeg and MPlayer teams are going to man a booth
+at <a href="http://www.linuxtag.de">LinuxTag</a> this year. Unfortunately, some of our developers do not have
+enough cash to get there.
+</p>
+
+<p>
+We estimated that we need about 800EUR to get everyone to LinuxTag.
+Thus we would like to kindly ask our users and supporters to donate
+us a little bit of money so that we can meet you in Berlin.
+</p>
+
+
+<h3>How to donate money</h3>
+
+<dl>
+<dt>Paypal</dt>
+<dd>(removed)</dd>
+</dl>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+	<a name="LqAward2006">2007-02-21, Wednesday :: LinuxQuestions.org Members Choice Award</a>
+	<br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://www.linuxquestions.org/questions/showthread.php?t=514974">
+<img src="../images/awards/LQ-2006MCA-video.png" alt="2006 LinuxQuestions.org Members Choice Award" width="120" height="120"></a>
+</p>
+
+<p>
+We have just been notified that
+<a href="http://www.linuxquestions.org/">LinuxQuestions.org</a>
+has held its annual Members Choice Award again and MPlayer
+has come out on top in the category
+<a href="http://www.linuxquestions.org/questions/showthread.php?t=514974">Video Media Player Application of the Year</a>.
+</p>
+
+<p>
+MPlayer received 618 votes (41.93%), the second place went to
+<a href="http://www.videolan.org/vlc/">VLC</a> with with 306 (20.76%)
+and the third place to
+<a href="http://kaffeine.sf.net/">kaffeine</a> with 235 (15.94%).
+</p>
+
+<p>
+A big thank you to our many fans.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
+	<a name="HUPAward2006">2007-01-17, Wednesday :: HUP Readers' Choice Award 2006</a>
+	<br><span class="poster">posted by Diego</span>
+</h2>
+
+<p class="left-inset">
+<a href="http://hup.hu/node/33504">
+<img src="../images/awards/hup2006.png" alt="HUP Readers' Choice Award 2006" width="120" height="120"></a>
+</p>
+
+<p>
+Like every year the <a href="http://hup.hu">Hungarian Unix Portal</a> has
+held its annual Readers' Choice Award and once again MPlayer came out on
+top of the "favorite video player" category.
+MPlayer got 799 votes (73%), placing it before VLC with 148 (13%) and
+xine with 52 (5%).
+<p>
+
+<p>
+We also managed to return to the top of the "Favorite Hungarian Project"
+category. Thanks for the support!
+</p>
+
+<p>
+If you can read Hungarian, check out the
+<a href="http://hup.hu/node/33504">HUP award page</a>.
+</p>
+
+</div>
+
+
+
+<div class="newsentry">
+
+<h2>
 	<a name="vuln14">2006-12-31, Sunday :: buffer overflow in asmrp.c</a>
 	<br><span class="poster">posted by Roberto</span>
 </h2>
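Review bot: In the HUPAward2006 entry, the paragraph ending "xine with 52 (5%)." is followed by an opening <p> where a closing </p> is intended, so the archive page inherits unbalanced markup from the original entry; please change that line to </p> as part of the move. The same pass can fix three other defects carried over verbatim: the LinuxTag2007Donations heading says "2007-03-14, Thursday", yet the LqAward2006 entry dates 2007-02-21 as a Wednesday and 2007-03-14 is exactly three weeks later, so it should read Wednesday; "VLC</a> with with 306" has a doubled word; and "If you mantain a binary package" in the vuln15 entry should read "maintain". If the intent is a pure move with no content changes, a follow-up commit touching only news-archive.src.en would keep the history clean.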

Modified: trunk/src/news.src.en
==============================================================================
--- trunk/src/news.src.en	(original)
+++ trunk/src/news.src.en	Sat Sep 13 15:44:00 2008
@@ -806,259 +806,4 @@
 
 
 
-<div class="newsentry">
-
-<h2>
-	<a name="vuln15">2007-06-05, Tuesday :: stack overflow in stream_cddb.c</a>
-	<br><span class="poster">posted by Roberto</span>
-</h2>
-
-<h3>Summary</h3>
-
-<p>
-A stack overflow was found and reported by Stefan Cornelius of Secunia
-Research in the code used to handle CDDB queries. Two other similar issues
-were found by Reimar Döffinger while fixing the issue. The vulnerability is
-identified with CVE-2007-2948 and
-<a href="http://secunia.com/advisories/24302/">SAID 24302</a>.
-</p>
-
-<p>
-When copying the album title and category, no checking was performed on the size
-of the strings before storing them in a fixed-size array. A malicious entry in
-the database could trigger a stack overflow in the program, leading to arbitrary
-code execution with the UID of the user running MPlayer.
-</p>
-
-<h3>Severity</h3>
-
-<p>
-High (arbitrary remote code execution under the user ID running the player)
-when getting disk information from a malicious CDDB entry, null if you do not
-use this feature. Please note that it is possible to overwrite entries in the
-CDDB database, so an attack can also be performed via a non-compromised server.
-At the time the buffer overflow was fixed there was no known exploit in the
-wild.
-</p>
-
-<h3>Solution</h3>
-
-<p>
-A
-<a href="http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=23287&amp;r2=23470">fix</a>
-for this problem was committed to SVN on Tue Jun 5 11:13:32 2007 UTC as r23470.
-Users of affected MPlayer versions should download a
-<a href="../../MPlayer/patches/cddb_fix_20070605.diff">patch</a>
-for MPlayer 1.0rc1 or update to the latest version if they're using SVN.
-</p>
-
-<p>
-In case you can't upgrade or apply the suggested patch, these are some possible
-workarounds:
-</p>
-
-<ul>
-	<li>Don't use cddb:// URLs (be careful also with playlists)</li>
-	<li>Redirect freedb.freedb.org to 127.0.0.1 (e.g. via hosts file)</li>
-	<li>Recompile with --disable-cddb</li>
-</ul>
-
-<p>
-Please note that we are not releasing an updated tarball with this fix at the
-moment.<br>
-If you need to stay with 1.0rc1, get the MPlayer 1.0rc1 tarball,
-apply the patch with the fix and recompile MPlayer. If possible, however, we
-recommend that you upgrade to SVN.<br>
-If you decide to stay with rc1, don't forget to also apply this
-<a href="../../MPlayer/patches/asmrules_fix_20061231.diff">older fix.</a>
-If you mantain a binary package for MPlayer, please name the updated version
-MPlayer 1.0rc1try3.
-</p>
-
-<h3>Affected versions</h3>
-
-<p>
-MPlayer 1.0rc1, MPlayer 1.0rc1try2 and SVN before r23470 (Tue Jun 5 11:13:32
-2007 UTC).
-Older versions are probably affected, too, but they were not checked.
-</p>
-
-
-<h3>Unaffected versions</h3>
-
-<p>
-SVN HEAD after r23470 (Tue Jun 5 11:13:32 2007 UTC)<br>
-MPlayer 1.0rc1 + security patches
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
-	<a name="LinuxTag2007">2007-05-13, Sunday :: MPlayer at LinuxTag 2007</a>
-	<br><span class="poster">posted by Roberto</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.linuxtag.org/2007">
-<img src="../images/linuxtag.png" alt="LinuxTag2007" width="119" height="80"></a>
-</p>
-
-<p>
-Like in previous years, MPlayer will be present at
-<a href="http://www.linuxtag.org/2007/en/home/welcome.html">LinuxTag</a>.
-This year the event will take place from May 30 to June 2 at Messe Berlin.
-<a href="http://ffmpeg.org/">FFmpeg</a> will be there, too.
-</p>
-
-<p>
-You are welcome to meet the developers and tell us your suggestions in Hall 12
-Booth 93.
-</p>
-
-<p>
-If you happen to be there on Friday morning we suggest you to attend the
-presentation
-<a href="http://www.linuxtag.org/2007/en/conf/events/vp-freitag/details.html?talkid=87">FFmpeg: Past, Present, And Future</a>
-by <a href="http://multimedia.cx/eggs/">Mike Melanson</a>, an FFmpeg developer
-and well-known multimedia hacker.
-</p>
-
-<p>
-See you in Berlin!
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
-	<a name="LinuxTag2007DonationsThanks">2007-04-17, Tuesday :: Thanks</a>
-	<br><span class="poster">posted by Guillaume</span>
-</h2>
-
-<p>
-We would like to thank all the generous people who donated towards helping
-us organizing LinuxTag this year.
-Like last time when our server had broken down, the donations exceeded our
-expectations and are now closed.
-</p>
-
-<p>
-The list of donors can be found on the <a href="donations.html">donations</a>
-page.
-Please <a href="mailto:&#103;&#112;&#111;&#105;&#114;&#105;&#101;&#114;&#64;m&#112;l&#97;&#121;e&#114;&#104;&#113;&#46;&#104;&#117;">mail me</a>
-if you would like to have your name removed.
-</p>
-
-<p>
-Many thanks to all of you!
-</p>
-</div>
-
-
-<div class="newsentry">
-
-
-<h2>
-	<a name="LinuxTag2007Donations">2007-03-14, Thursday :: Donations request for travel expenses to LinuxTag</a>
-	<br><span class="poster">posted by Guillaume</span>
-</h2>
-
-<p>
-Like every year, the FFmpeg and MPlayer teams are going to man a booth
-at <a href="http://www.linuxtag.de">LinuxTag</a> this year. Unfortunately, some of our developers do not have
-enough cash to get there.
-</p>
-
-<p>
-We estimated that we need about 800EUR to get everyone to LinuxTag.
-Thus we would like to kindly ask our users and supporters to donate
-us a little bit of money so that we can meet you in Berlin.
-</p>
-
-
-<h3>How to donate money</h3>
-
-<dl>
-<dt>Paypal</dt>
-<dd>(removed)</dd>
-</dl>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
-	<a name="LqAward2006">2007-02-21, Wednesday :: LinuxQuestions.org Members Choice Award</a>
-	<br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://www.linuxquestions.org/questions/showthread.php?t=514974">
-<img src="../images/awards/LQ-2006MCA-video.png" alt="2006 LinuxQuestions.org Members Choice Award" width="120" height="120"></a>
-</p>
-
-<p>
-We have just been notified that
-<a href="http://www.linuxquestions.org/">LinuxQuestions.org</a>
-has held its annual Members Choice Award again and MPlayer
-has come out on top in the category
-<a href="http://www.linuxquestions.org/questions/showthread.php?t=514974">Video Media Player Application of the Year</a>.
-</p>
-
-<p>
-MPlayer received 618 votes (41.93%), the second place went to
-<a href="http://www.videolan.org/vlc/">VLC</a> with with 306 (20.76%)
-and the third place to
-<a href="http://kaffeine.sf.net/">kaffeine</a> with 235 (15.94%).
-</p>
-
-<p>
-A big thank you to our many fans.
-</p>
-
-</div>
-
-
-
-<div class="newsentry">
-
-<h2>
-	<a name="HUPAward2006">2007-01-17, Wednesday :: HUP Readers' Choice Award 2006</a>
-	<br><span class="poster">posted by Diego</span>
-</h2>
-
-<p class="left-inset">
-<a href="http://hup.hu/node/33504">
-<img src="../images/awards/hup2006.png" alt="HUP Readers' Choice Award 2006" width="120" height="120"></a>
-</p>
-
-<p>
-Like every year the <a href="http://hup.hu">Hungarian Unix Portal</a> has
-held its annual Readers' Choice Award and once again MPlayer came out on
-top of the "favorite video player" category.
-MPlayer got 799 votes (73%), placing it before VLC with 148 (13%) and
-xine with 52 (5%).
-<p>
-
-<p>
-We also managed to return to the top of the "Favorite Hungarian Project"
-category. Thanks for the support!
-</p>
-
-<p>
-If you can read Hungarian, check out the
-<a href="http://hup.hu/node/33504">HUP award page</a>.
-</p>
-
-</div>
-
 <!-- content end -->
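Review bot: Removing the vuln15 entry here means news.html#vuln15 no longer resolves, and that anchor belongs to a security advisory (CVE-2007-2948) whose text carries the patch link and workarounds for users still on 1.0rc1. Links from outside the site that point at news.html#vuln15 cannot be updated from this tree, so consider leaving a one-line stub with <a name="vuln15"> in news.src.en that points to news-archive.html#vuln15, or adding a short "older entries are in the archive" pointer before the "content end" comment. The removed lines otherwise match the block added to news-archive.src.en, so nothing is lost in the move.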


