Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 31 Mar 2004 09:34:02 +0200 (CEST)
From:      "Thomas E. Zander" <riggs@rrr.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/64974: security update of multimedia/mplayer
Message-ID:  <200403310734.i2V7Y2Fj004352@o503.hadiko.de>
Resent-Message-ID: <200403310740.i2V7e3vI038069@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         64974
>Category:       ports
>Synopsis:       security update of multimedia/mplayer
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 30 23:40:03 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Thomas E. Zander
>Release:        FreeBSD 5.2-CURRENT i386
>Organization:
>Environment:
System: FreeBSD o503.hadiko.de 5.2-CURRENT FreeBSD 5.2-CURRENT #1: Tue Mar 30 12:54:37 CEST 2004 root@o503.hadiko.de:/usr/obj/usr/src/sys/MARVIN i386


	
>Description:
mplayer's http parser is vulnerable to buffer overflow attacks
and allows remote exploit.
Therefore, the devel team released a version which contains a fix.
>How-To-Repeat:
>Fix:
Update of the port to the latest bugfix release:

diff -ruN mplayer-old/Makefile mplayer/Makefile
--- mplayer-old/Makefile	Wed Mar 31 09:17:16 2004
+++ mplayer/Makefile	Wed Mar 31 09:22:14 2004
@@ -175,8 +175,7 @@
 # to be installed.
 
 PORTNAME=	mplayer
-PORTVERSION=	0.92.0
-PORTREVISION=	7
+PORTVERSION=	0.92.1
 CATEGORIES=	multimedia audio ipv6
 MASTER_SITES=	http://www1.mplayerhq.hu/MPlayer/releases/ \
 		http://www2.mplayerhq.hu/MPlayer/releases/ \
@@ -188,7 +187,7 @@
 		ftp://ftp.lug.udel.edu/MPlayer/releases/ \
 		ftp://mirrors.xmission.com/MPlayer/releases/ \
 		http://www.rrr.de/~riggs/mplayer/
-DISTNAME=	MPlayer-0.92
+DISTNAME=	MPlayer-0.92.1
 
 PATCH_SITES=	${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/kame/misc/&,}
 PATCHFILES=	mplayer-0.9.2-v6-20030930.diff.gz
diff -ruN mplayer-old/distinfo mplayer/distinfo
--- mplayer-old/distinfo	Sun Nov 16 19:50:16 2003
+++ mplayer/distinfo	Wed Mar 31 09:22:31 2004
@@ -1,2 +1,4 @@
-MD5 (MPlayer-0.92.tar.bz2) = c4e003fc6c6f82c1cae96a95eb9b2d28
+MD5 (MPlayer-0.92.1.tar.bz2) = 678920b5667862cef1cd8cdb042a5773
+SIZE (MPlayer-0.92.1.tar.bz2) = 3463518
 MD5 (mplayer-0.9.2-v6-20030930.diff.gz) = 1984f929672e38efb589c0f5fc61b37e
+SIZE (mplayer-0.9.2-v6-20030930.diff.gz) = 2139
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403310734.i2V7Y2Fj004352>