xine-lib 1.1.1+ubuntu2-7.10 source package in Ubuntu

Changelog

xine-lib (1.1.1+ubuntu2-7.10) dapper-security; urgency=low

  * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
    - src/demuxers/demux_matroska.c: avoid segfault on invalid track type in
      Matroska files.
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7b472fa486db;style=gitweb
    - misc/cdda_server.c: fix integer overflow in the CDDA server.
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=30eb014e9b320035de309ee442ebbff6d405987b;style=gitweb
    - src/demuxers/demux_{ogg,avi}.c: fix crashes with fuzzed media files.
      (CVE-2008-3231)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=967a8e515380c0c9b9858125a054082145002d00;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=67bfec7af3472674ba7396bd468b7607339fe102;style=gitweb
    - src/demuxers/demux_{mng,mod}.c: add some checks for memory allocation
      failures. (CVE-2008-5233)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=35f09930323e46c92e521846b9ccdfd5e277ad16;style=gitweb
    - src/demuxers/demux_qt.c: fix heap overflow in Quicktime atom parsing.
      (CVE-2008-5234, CVE-2008-5242)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=6e81eec36701;style=gitweb
    - src/demuxers/demux_matroska.c: fix buffer overflows in Matroska demuxer.
      (CVE-2008-5236)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=e38bb4b22431123997a16a186fe8beb4edcfef87;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=8e125da9ecbe;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b01a02595343;style=gitweb
    - src/demuxers/demux_{mng,qt}.c: fix integer overflows in MNG and QT
      demuxers. (CVE-2008-5237)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=9c97a9a9ba17a487116a198d80a74ec7879aa801;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=65f524e14623;style=gitweb
    - src/demuxers/{demux_matroska.c,demux_mod.c,id3.h}: use size_t for data
      length variables where there may be int overflows. (CVE-2008-5238)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a0830dddbd35625069506a9c49321317cbab8a2d;style=gitweb
    - src/{input,demuxers}/*.c: fix out-of-bounds reads and heap-based buffer
      overflows from unchecked or incompletely-checked read function results.
      (CVE-2008-5239)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7fb21abb15e5a7311a2c157721ddfab0a47090ab;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=5df277a7eec3;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=f775929597b1c10142e51674ee02e041b1b87df4;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=e6efc6d566961ab231686c1ee18044f2d45a2b4a;style=gitweb
    - src/demuxers/demux_real.c: fix unchecked malloc using untrusted values.
      (CVE-2008-5240)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=01753933e6647ed29226f18e4489ce034b569d65;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=071dc93156e6940a7f1b8bb38762d521dd5731e8;style=gitweb
    - src/demuxers/demux_qt.c: fix integer underflow in qt compressed atom
      handling. (CVE-2008-5241)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a57d5ef86b65bcc195a5358125fdb34e10a37bb4;style=gitweb
    - src/demuxers/demux_real.c: fix buffer indexing using untrusted or
      unchecked values. (CVE-2008-5243)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=4982c9920f42657d0797145bf197127f18d8972c;style=gitweb
    - src/demuxers/id3.c: fix an exploitable ID3 heap buffer overflow.
      (CVE-2008-5246)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d766d92b7e7bb11de7b38482ebe8e9;style=gitweb
    - src/xine-engine/info_helper.c: fix crashes with MP3 files with metadata
      consisting only of separators. (CVE-2008-5248)
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=60ab5d2bdd82f00b10205f816a545337c9363134;style=gitweb

 -- Marc Deslauriers <email address hidden>   Wed, 21 Jan 2009 09:56:16 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Dapper
Original maintainer: Siggi Langauf
Architectures: any
Section: libs
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
xine-lib_1.1.1+ubuntu2.orig.tar.gz 5.8 MiB 36c2cb23601afc46db8f21e198312c0653caed5321615969b5eff65263dacd7e
xine-lib_1.1.1+ubuntu2-7.10.diff.gz 33.4 KiB 42e5ada22ff59debb09bc5a45e0a5be0a6ece9666dd76b84390f95fd46ce0023
xine-lib_1.1.1+ubuntu2-7.10.dsc 1.1 KiB dd4ea3dca8011e614a1e8d2e8ec60423fe71be63ac172bac79d880b8e6846ee8

Binary packages built by this source

libxine-dev
libxine-main1