[helix-maintainers] Bug#443130: CVE-2007-4904 user-assisted remote denial of service
Nico Golde
nion at debian.org
Tue Sep 18 22:34:45 UTC 2007
Package: helix-player
Version: 1.0.8-2
Severity: normal
Tags: security
Hi Daniel,
a CVE was published for helix-player.
CVE-2007-4904[0]:
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix
Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other
platforms, allow user-assisted remote attackers to cause a
denial of service (application crash) via a malformed .au
file that triggers a divide-by-zero error.
I can confirm this bug in unstable.
If you fix this bug please include the CVE id in the
changelog.
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4904
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/helix-maintainers/attachments/20070919/f3183e00/attachment.pgp
More information about the helix-maintainers
mailing list