[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#132528: realplayer: Buffer Overrun Exploit

At Wed, Feb 06, 2002 at 12:38:21PM +1100, Jamie Wilkinson wrote:
> This one time, at band camp, Brian Russo wrote:
> >Is this .so freely distributable?
> >probably not, I don't see how I would really go about 
> >'patching' this if I cannot distribute the patch.
> >
> >Real has not released a new version of the RPM (still cs2),
> >so unless they have 'silently' added the new .so,
> >there's not much I can do. Else I could release a new .deb,
> >which asks for the new rpm. Better than nothing, 'twould be.
> You could download the extra .so in your postinst and install it, or add a
> debconf note suggesting that the admin downloads it to a place where you can
> install it from.

I don't like the downloading-from-the-web idea,
mainly because it's buggy and won't work for everyone.

I emailed -user with a mini advisory for now.

Reply to: