[Frugalware-darcs] frugalware-current: mplayer-1.0rc1-8-i686

VMiklos vmiklos at frugalware.org
Wed Jun 6 23:44:12 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-current;a=darcs_commitdiff;h=20070606214147-e2957-ac316f201b36d6f1cd4a74dcdf979701a10f2d86.gz;

[mplayer-1.0rc1-8-i686
VMiklos <vmiklos at frugalware.org>**20070606214147
 added CVE-2007-2948.diff
 closes #2131
] {
addfile ./source/xapps/mplayer/CVE-2007-2948.diff
hunk ./source/xapps/mplayer/CVE-2007-2948.diff 1
+--- trunk/stream/stream_cddb.c	2007/05/10 11:43:39	23287
++++ trunk/stream/stream_cddb.c	2007/06/05 11:13:32	23470
+@@ -377,7 +377,7 @@
+ =

+ 	switch(status) {
+ 		case 210:
+-			ret =3D sscanf( http_hdr->body, "%d %s %08lx", &status, category, &dis=
c_id);
++			ret =3D sscanf( http_hdr->body, "%d %99s %08lx", &status, category, &d=
isc_id);
+ 			if( ret!=3D3 ) {
+ 				mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ 				return -1;
+@@ -438,7 +438,7 @@
+ 	ptr++;
+ 	// We have a list of exact/inexact matches, so which one do we use?
+ 	// So let's take the first one.
+-	ret =3D sscanf(ptr, "%s %08lx %s", cddb_data->category, &(cddb_data->dis=
c_id), album_title);
++	ret =3D sscanf(ptr, "%99s %08lx %99s", cddb_data->category, &(cddb_data-=
>disc_id), album_title);
+ 	if( ret!=3D3 ) {
+ 		mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ 		return -1;
+@@ -475,7 +475,7 @@
+ 	switch(status) {
+ 		case 200:
+ 			// Found exact match
+-			ret =3D sscanf(http_hdr->body, "%d %s %08lx %s", &status, cddb_data->c=
ategory, &(cddb_data->disc_id), album_title);
++			ret =3D sscanf(http_hdr->body, "%d %99s %08lx %99s", &status, cddb_dat=
a->category, &(cddb_data->disc_id), album_title);
+ 			if( ret!=3D4 ) {
+ 				mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ 				return -1;
hunk ./source/xapps/mplayer/FrugalBuild 7
-pkgrel=3D7
+pkgrel=3D8
hunk ./source/xapps/mplayer/FrugalBuild 31
-	DMO_VideoDecoder.diff)
+	DMO_VideoDecoder.diff \
+	CVE-2007-2948.diff)
+sha1sums=3D('a450c0b0749c343a8496ba7810363c9d46dfa73c' \
+          'f7492d46afc72678435b70fa4326dbbf32795ba9' \
+          '7135e8bf05cee6b123b81fa2a2c6ab18a27af615' \
+          '45e5ee7a5541a5f1cfd2678a6c9b5911ca473cb9' \
+          'ccf11dce5d0fb72fd3af97f788b7471cd0cd0b68' \
+          '152c40bf20de34aa8802d7f80d34d673b0b67212' \
+          '7b99bbe0e9ba89a57eccbea8f93c453c4f268181' \
+          '2a3fa8cf54ec3ed4dfa1a0e72f2d207c13507b9d' \
+          'b22dbe895991c23fad446c3c4ff7b6db12673778' \
+          '9ca910295c2888fba95a98da83762a22aaf34651' \
+          '45c4adbe6ab3063b68938c813966948aebf15ce3' \
+          '84412f4bd85d64a92586ca4db7e8585d16cd1acd' \
+          'e629aafe8e07ddae6db93009715295e6a9d8ed45' \
+          '977fad7f0e8ec616d4b7a6cd2aa5aebcde99f7e1')
hunk ./source/xapps/mplayer/FrugalBuild 93
-sha1sums=3D('a450c0b0749c343a8496ba7810363c9d46dfa73c'\
-          'f7492d46afc72678435b70fa4326dbbf32795ba9'\
-          '7135e8bf05cee6b123b81fa2a2c6ab18a27af615'\
-          '45e5ee7a5541a5f1cfd2678a6c9b5911ca473cb9'\
-          'ccf11dce5d0fb72fd3af97f788b7471cd0cd0b68'\
-          '152c40bf20de34aa8802d7f80d34d673b0b67212'\
-          '7b99bbe0e9ba89a57eccbea8f93c453c4f268181'\
-          '2a3fa8cf54ec3ed4dfa1a0e72f2d207c13507b9d'\
-          'b22dbe895991c23fad446c3c4ff7b6db12673778'\
-          '9ca910295c2888fba95a98da83762a22aaf34651'\
-          '45c4adbe6ab3063b68938c813966948aebf15ce3'\
-          '84412f4bd85d64a92586ca4db7e8585d16cd1acd'\
-          'e629aafe8e07ddae6db93009715295e6a9d8ed45')
}


More information about the Frugalware-darcs mailing list