From owner-cvs-all@FreeBSD.ORG  Wed Oct  1 19:23:58 2008
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1F30110656AC;
	Wed,  1 Oct 2008 19:23:58 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id D36D48FC0A;
	Wed,  1 Oct 2008 19:23:57 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id m91JNvqj033959;
	Wed, 1 Oct 2008 19:23:57 GMT (envelope-from miwi@repoman.freebsd.org)
Received: (from miwi@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id m91JNvwn033956;
	Wed, 1 Oct 2008 19:23:57 GMT (envelope-from miwi)
Message-Id: <200810011923.m91JNvwn033956@repoman.freebsd.org>
From: Martin Wilke <miwi@FreeBSD.org>
Date: Wed, 1 Oct 2008 19:23:57 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/multimedia/mplayer Makefile
 ports/multimedia/mplayer/files patch-CVE-2008-3827
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2008 19:23:58 -0000

miwi        2008-10-01 19:23:57 UTC

  FreeBSD ports repository

  Modified files:
    multimedia/mplayer   Makefile 
  Added files:
    multimedia/mplayer/files patch-CVE-2008-3827 
  Log:
  - Fix a vulnerability which could result in arbitrary code execution
    and at least, in unexpected process termination. Three integer
    underflows located in the Real demuxer code can be used to exploit
    a heap overflow, a specific video file can be crafted in order to make
    the stream_read function read or write arbitrary amounts of memory.
  
  Approved by:    maintainer via private mail
  Security:       http://www.vuxml.org/freebsd/724e6f93-8f2a-11dd-821f-001cc0377035.html
  
  Revision  Changes    Path
  1.177     +1 -1      ports/multimedia/mplayer/Makefile
  1.1       +28 -0     ports/multimedia/mplayer/files/patch-CVE-2008-3827 (new)