Re: Bug#132528: realplayer: Buffer Overrun Exploit

To: Nicolas Lidzborski <cpc@freeshell.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#132528: realplayer: Buffer Overrun Exploit
From: Brian Russo <brian@entropy.net>
Date: Tue, 5 Feb 2002 19:50:50 -0500
Message-id: <[🔎] 20020206005050.GF86119@sibum.pair.com>
In-reply-to: <E16YFhB-0003CZ-00@gandalf.intalio.com>
References: <E16YFhB-0003CZ-00@gandalf.intalio.com>

Is this .so freely distributable?
probably not, I don't see how I would really go about 
'patching' this if I cannot distribute the patch.

Real has not released a new version of the RPM (still cs2),
so unless they have 'silently' added the new .so,
there's not much I can do. Else I could release a new .deb,
which asks for the new rpm. Better than nothing, 'twould be.

Perhaps I should make some kind of announcement telling people to
apply the patch themselves.

I'm open to suggestions...

 - bri

At Tue, Feb 05, 2002 at 04:12:17PM -0800, Nicolas Lidzborski wrote:
> Package: realplayer
> Version: 8.0.6
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Real has discovered a buffer overrun in one of their libs used by RealPlayer.
> They provide a new lib to replace the flawed one.
> 
> Check:
> http://www.service.real.com/help/faq/security/bufferoverrun.html
> 
> Could be a good idea to download the patch (just the rmffplin library) and
> to strip it afterwards.

-- 
/\_/\  Brian Russo                 <brian@entropy.net> 
\. ./  Debian/GNU Linux Developer  <wolfie@debian.org>
/\_/\  404E 87E8 DD0C 275B 742B 09AD 2243 839C 54D8 1666

Reply to:

Follow-Ups:
- Re: Bug#132528: realplayer: Buffer Overrun Exploit
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: Where is the Slink stuff?
Next by Date: Re: It's Huntin' Season
Previous by thread: Re: dhcp NMU or dhcp v3?
Next by thread: Re: Bug#132528: realplayer: Buffer Overrun Exploit
Index(es):
- Date
- Thread