lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0402131737550.3461-100000@xiongmao.otago.ac.nz>
Date: Fri, 13 Feb 2004 17:42:06 +1300 (NZDT)
From: Simon Brady <simon.brady@...go.ac.nz>
To: bugtraq@...urityfocus.com
Subject: Re: Scope of latest RealPlayer vuln


On Wed, 11 Feb 2004, I wrote:

> The Real Security Update notice at
> 
>    http://service.real.com/help/faq/security/040123_player/EN/
> 
> gives a download URL for the English RealPlayer v2 (build 6.0.11.872) and 
> instructs users of localised v2 players to use the Check for Updates menu 
> option in the product.
>   [...]
> Does anyone (NGSS?) have a list of precisely which versions are and aren't
> vulnerable? IMAO the Real notice is hopelessly vague on this.

The nice people at Real customer support have since provided the following 
details:

  "Please note that only the latest version of RealOne Player 6.0.11.872
   and the RealPlayer 10 version 6.0.12.690 has the security patch
   integrated in it."

--
Simon Brady                             mailto:simon.brady@...go.ac.nz
ITS Technical Services
University of Otago, Dunedin, New Zealand




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ