CVE-2007-2948: Stack overflow in mplayer cddb handling

Bug #118855 reported by William Grant on 2007-06-05
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| mplayer (Ubuntu) | | High | William Grant | |
| Dapper | | Undecided | William Grant | |
| Edgy | | Undecided | William Grant | |
| Feisty | | High | William Grant | |
| Gutsy | | High | William Grant | |

Bug Description

Binary package hint: mplayer

Only appears to affect 1.0rc1 (i.e. Feisty). Arbitrary code execution is possible, with a malicious entry on the server. There is an upstream patch, and I'll have a debdiff for Feisty shortly.

William Grant (wgrant) on 2007-06-05
Changed in mplayer:
assignee: nobody → fujitsu
importance: Undecided → High
status: Unconfirmed → In Progress
Changed in mplayer:
importance: Undecided → High
assignee: nobody → fujitsu
status: Unconfirmed → In Progress
William Grant (wgrant) on 2007-06-06
Changed in mplayer:
assignee: fujitsu → nobody
importance: High → Undecided
status: In Progress → Confirmed
assignee: nobody → fujitsu
William Grant (wgrant) on 2007-06-06
Changed in mplayer:
importance: Undecided → High
status: Confirmed → In Progress
William Grant (wgrant) wrote :

Gutsy fix was uploaded a few days back, but changelog-closes-bugs didn't work.

Changed in mplayer:
status: In Progress → Fix Released
William Grant (wgrant) wrote :
Kees Cook (kees) wrote :

Thanks for the debdiff! This has built and been published. I'll keep an eye on LP and see if security uploads get auto-closed too. I think it won't since this is in a subtask.

Changed in mplayer:
status: In Progress → Fix Committed
William Grant (wgrant) wrote :

mplayer (2:1.0~rc1-0ubuntu9.1) feisty-security; urgency=low

  * SECURITY UPDATE: buffer overrun in cddb code (LP: #118855).
  * stream/stream_cddb.c: Apply upstream patch.
  * References:
    - CVE-2007-2948

 -- William Grant <email address hidden> Mon, 11 Jun 2007 11:08:49 +1000

Changed in mplayer:
status: Fix Committed → Fix Released
William Grant (wgrant) on 2007-11-17
Changed in mplayer:
assignee: nobody → fujitsu
status: New → In Progress
assignee: nobody → fujitsu
status: New → In Progress
Kees Cook (kees) on 2007-11-20
Changed in mplayer:
status: In Progress → Triaged
status: In Progress → Triaged
William Grant (wgrant) on 2007-12-02
Changed in mplayer:
status: Triaged → In Progress
William Grant (wgrant) on 2007-12-03
Changed in mplayer:
status: Triaged → In Progress
Kees Cook (kees) on 2007-12-03
Changed in mplayer:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
William Grant (wgrant) on 2007-12-04
Changed in mplayer:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.