[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#132528: realplayer: Buffer Overrun Exploit

Is this .so freely distributable?
probably not, I don't see how I would really go about 
'patching' this if I cannot distribute the patch.

Real has not released a new version of the RPM (still cs2),
so unless they have 'silently' added the new .so,
there's not much I can do. Else I could release a new .deb,
which asks for the new rpm. Better than nothing, 'twould be.

Perhaps I should make some kind of announcement telling people to
apply the patch themselves.

I'm open to suggestions...

 - bri

At Tue, Feb 05, 2002 at 04:12:17PM -0800, Nicolas Lidzborski wrote:
> Package: realplayer
> Version: 8.0.6
> Severity: grave
> Tags: security
> Justification: user security hole
> Real has discovered a buffer overrun in one of their libs used by RealPlayer.
> They provide a new lib to replace the flawed one.
> Check:
> http://www.service.real.com/help/faq/security/bufferoverrun.html
> Could be a good idea to download the patch (just the rmffplin library) and
> to strip it afterwards.

/\_/\  Brian Russo                 <brian@entropy.net> 
\. ./  Debian/GNU Linux Developer  <wolfie@debian.org>
/\_/\  404E 87E8 DD0C 275B 742B 09AD 2243 839C 54D8 1666

Reply to: