An integer overflow has been discovered in helix-player, the helix
audio and video player. This flaw could allow a remote attacker to
run arbitrary code on a victims computer by supplying a specially
crafted network resource.
The old stable distribution (woody) does not contain a helix-player
package.
For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-1sarge2.
For the unstable distribution (sid) these problems have been fixed in
version 1.0.6-1.
We recommend that you upgrade your helix-player package.