Re: Bug#132528: realplayer: Buffer Overrun Exploit
At Wed, Feb 06, 2002 at 12:38:21PM +1100, Jamie Wilkinson wrote:
> This one time, at band camp, Brian Russo wrote:
> >Is this .so freely distributable?
> >probably not, I don't see how I would really go about
> >'patching' this if I cannot distribute the patch.
> >Real has not released a new version of the RPM (still cs2),
> >so unless they have 'silently' added the new .so,
> >there's not much I can do. Else I could release a new .deb,
> >which asks for the new rpm. Better than nothing, 'twould be.
> You could download the extra .so in your postinst and install it, or add a
> debconf note suggesting that the admin downloads it to a place where you can
> install it from.
I don't like the downloading-from-the-web idea,
mainly because it's buggy and won't work for everyone.
I emailed -user with a mini advisory for now.