aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2007-06-08 02:34:14 +0800
committersimon <simon@FreeBSD.org>2007-06-08 02:34:14 +0800
commit075e209823927b2e1b1d2317ce91809cccf6982b (patch)
tree7d285535a856bae74cdc9aea63ed48105bebd948 /security/vuxml
parent54bb4016c3e6cec9b7fe21d6730f54e339413f9c (diff)
downloadfreebsd-ports-gnome-075e209823927b2e1b1d2317ce91809cccf6982b.tar.gz
freebsd-ports-gnome-075e209823927b2e1b1d2317ce91809cccf6982b.tar.zst
freebsd-ports-gnome-075e209823927b2e1b1d2317ce91809cccf6982b.zip
- The fixed mplayer version number is 0.99.10_10, mark it as such. [1]
- Add older mplayer package names. - Break long lines. Noticed by: Henrik Brix Andersen <henrik@brixandersen.dk>
Diffstat (limited to 'security/vuxml')
-rw-r--r--security/vuxml/vuln.xml20
1 files changed, 13 insertions, 7 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 1e5cea101ec5..4fa368ce2e2e 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -39,19 +39,25 @@ Note: Please add new entries to the beginning of this file.
<affects>
<package>
<name>mplayer</name>
- <range><lt>0.99.10_9</lt></range>
+ <name>mplayer-esound</name>
+ <name>mplayer-gtk</name>
+ <name>mplayer-gtk2</name>
+ <name>mplayer-gtk-esound</name>
+ <name>mplayer-gtk2-esound</name>
+ <range><lt>0.99.10_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mplayer Team reports:</p>
<blockquote cite="http://www.mplayerhq.hu/design7/news.html">
- <p>A stack overflow was found in the code used to handle cddb queries.
- When copying the album title and category, no checking was performed
- on the size of the strings before storing them in a fixed-size array.
- A malicious entry in the database could trigger a stack overflow in
- the program, leading to arbitrary code execution with the uid of the
- user running MPlayer.</p>
+ <p>A stack overflow was found in the code used to handle
+ cddb queries. When copying the album title and category,
+ no checking was performed on the size of the strings
+ before storing them in a fixed-size array. A malicious
+ entry in the database could trigger a stack overflow in
+ the program, leading to arbitrary code execution with the
+ uid of the user running MPlayer.</p>
</blockquote>
</body>
</description>