Package: mplayer Version: 1.0~rc1-8 Severity: grave Tags: security Justification: user security hole
mplayer segfaults on a file I have (probably badly) downloaded from the Internet. Note that other video applications in Debian (vlc, kaffeine) do not segfault. It is very likely a security problem. The file is available here: http://temp.aurel32.net/mplayer.mpeg -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-3-xen-amd64 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Versions of packages mplayer depends on: ii debconf [debconf-2 1.5.10 Debian configuration management sy ii libasound2 1.0.13-1 ALSA library ii libatk1.0-0 1.12.3-1 The ATK accessibility toolkit ii libaudiofile0 0.2.6-6 Open-source version of SGI's audio ii libc6 2.3.6.ds1-9 GNU C Library: Shared libraries ii libcaca0 0.99.beta11.debian-2 colour ASCII art library ii libcairo2 1.2.4-4 The Cairo 2D vector graphics libra ii libcdparanoia0 3.10+debian~pre0-4 audio extraction tool for sampling ii libconfhelper-perl 0.12.5 Library for editing configuration ii libcucul0 0.99.beta11.debian-2 low-level Unicode character drawin ii libdirectfb-0.9-25 0.9.25.1-5 direct frame buffer graphics - sha ii libdv4 1.0.0-1 software library for DV format dig ii libdvdread3 0.9.7-2 library for reading DVDs ii libesd0 0.2.36-3 Enlightened Sound Daemon - Shared ii libfontconfig1 2.4.2-1 generic font configuration library ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib ii libglib2.0-0 2.12.4-2 The GLib library of C routines ii libgtk2.0-0 2.8.20-3 The GTK+ graphical user interface ii libjpeg62 6b-13 The Independent JPEG Group's JPEG ii liblircclient0 0.8.0-9 LIRC client library ii liblzo1 1.08-3 data compression library (old vers ii libmad0 0.15.1b-2.1 MPEG audio decoder library ii libncurses5 5.5-5 Shared libraries for terminal hand ii libogg0 1.1.3-2 Ogg Bitstream Library ii libpango1.0-0 1.14.8-3 Layout and rendering of internatio ii libpng12-0 1.2.15~beta5-0 PNG library - runtime ii libsdl1.2debian 1.2.11-7 Simple DirectMedia Layer ii libsmbclient 3.0.23d-2 shared library that allows applica ii libspeex1 1.1.12-2 The Speex Speech Codec ii libtheora0 0.0.0.alpha7.dfsg-1.1 The Theora Video Compression Codec ii libungif4g 4.1.4-4 shared library for GIF images ii libx11-6 2:1.0.3-4 X11 client-side library ii libxcursor1 1.1.7-4 X cursor management library ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar ii libxfixes3 1:4.0.1-5 X11 miscellaneous 'fixes' extensio ii libxi6 1:1.0.1-4 X11 Input extension library ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library ii libxrender1 1:0.9.1-3 X Rendering Extension client libra ii libxv1 1:1.0.2-1 X11 Video extension library ii libxvmc1 1:1.0.2-2 X11 Video extension library ii libxxf86dga1 2:1.0.1-2 X11 Direct Graphics Access extensi ii libxxf86vm1 1:1.0.1-2 X11 XFree86 video mode extension l ii mplayer-skin-blue 1.6-1 blue skin for mplayer ii zlib1g 1:1.2.3-13 compression library - runtime mplayer recommends no packages. -- debconf information: mplayer/voutput: autodetect mplayer/cfgnote: mplayer/replace-existing-files-bail: mplayer/install_codecs: mplayer/rtc: false mplayer/replace-existing-files: false mplayer/ttfont: Sans mplayer/no-ttfont: mplayer/dvd_device: /dev/cdrom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
