[MPlayer-dev-eng] buffer overflow of the month
Diego Biurrun
diego at biurrun.de
Thu Aug 25 18:26:20 CEST 2005
On Thu, Aug 25, 2005 at 06:04:33PM +0200, Attila Kinali wrote:
>
> Sascha just posted the "advisory" of a german one man security company
> on IRC: http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt
>
> Has anyone here been contacted by this guy ?
> Noone i asked on IRC knew anything about it prior to the
> public discolsure.
I haven't been contacted, my address is on the homepage (spam armored).
> Can someone confirm whether this is a normal sig11 or something
> more serious ? If it's just a sig11 i would like to post
> a news entry on the webpage as soon as possible to
> 1) Tell people that it is not exploitable
> 2) Tell people that we haven't been contacted
You barely beat me to posting to dev-eng and this is exactly what I had
planned. I assume this guy contacted /dev/null, otherwise we would have
reacted quickly as usual. If he is really lying about contacting any of us
he deserves to be flamed to a cinder on the homepage.
Diego
More information about the MPlayer-dev-eng
mailing list