Comment 3 for bug 731625

This bug was fixed in the package mplayer - 2:1.0~rc2-0ubuntu13.2

---------------
mplayer (2:1.0~rc2-0ubuntu13.2) hardy-security; urgency=low

  * SECURITY UPDATE: Integer signedness error in the fourxm_read_header
    function in libavformat/4xm.c in FFmpeg before revision 16846 allows
    remote attackers to execute arbitrary code via a malformed 4X movie
    file with a large current_track value, which triggers a NULL pointer
    dereference. (LP: #731625)
    - libavformat/4xm.c - patch from ffmpeg package in hardy-security
    - References:
      + CVE-2009-0385
 -- Firas Kraiem <email address hidden> Tue, 08 Mar 2011 22:53:14 +0100