Re: Bug#132528: realplayer: Buffer Overrun Exploit

To: Jamie Wilkinson <jaq@spacepants.org>, 132528@bugs.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#132528: realplayer: Buffer Overrun Exploit
From: Brian Russo <brian@entropy.net>
Date: Thu, 7 Feb 2002 09:18:32 -0500
Message-id: <[🔎] 20020207141832.GI86119@sibum.pair.com>
In-reply-to: <20020206013821.GA5058@spacepants.org>
References: <E16YFhB-0003CZ-00@gandalf.intalio.com> <[🔎] 20020206005050.GF86119@sibum.pair.com> <20020206013821.GA5058@spacepants.org>

At Wed, Feb 06, 2002 at 12:38:21PM +1100, Jamie Wilkinson wrote:
> This one time, at band camp, Brian Russo wrote:
> >Is this .so freely distributable?
> >probably not, I don't see how I would really go about 
> >'patching' this if I cannot distribute the patch.
> >
> >Real has not released a new version of the RPM (still cs2),
> >so unless they have 'silently' added the new .so,
> >there's not much I can do. Else I could release a new .deb,
> >which asks for the new rpm. Better than nothing, 'twould be.
> 
> You could download the extra .so in your postinst and install it, or add a
> debconf note suggesting that the admin downloads it to a place where you can
> install it from.

I don't like the downloading-from-the-web idea,
mainly because it's buggy and won't work for everyone.

I emailed -user with a mini advisory for now.

Reply to:

Follow-Ups:
- Re: Bug#132528: realplayer: Buffer Overrun Exploit
  - From: Jamie Wilkinson <jaq@spacepants.org>

References:
- Re: Bug#132528: realplayer: Buffer Overrun Exploit
  - From: Brian Russo <brian@entropy.net>

Prev by Date: Re: Upstream debian/ directory
Next by Date: Re: It's Huntin' Season
Previous by thread: Re: Bug#132528: realplayer: Buffer Overrun Exploit
Next by thread: Re: Bug#132528: realplayer: Buffer Overrun Exploit
Index(es):
- Date
- Thread