xine-lib 1.1.1+ubuntu2-7.9 source package in Ubuntu
Changelog
xine-lib (1.1.1+ubuntu2-7.9) dapper-security; urgency=low * SECURITY UPDATE: array index vulnerability * fix for src/libspeex/xine_decoder.c to properly validate its input * SECURITY UPDATE: buffer overflow in the NSF demuxer * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup() * SECURITY UPDATE: integer overflows in Qt, Real, WC3Movie, Matroska and FILM demuxers * fix demux_film.c, demux_qt.c, demux_real.c, demux_wc3movie.c and ebml.c to check for failure of various memory allocations * SECURITY UPDATE: array index vulnerability * fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify size of stream_id and stream_count * SECURITY UPDATE: buffer overflow in the RTSP header-handling code * fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238) * SECURITY UPDATE: buffer over in Matroska demuxer * fix src/demuxers/demux_matroska.c to use unsigned ints and check size of first_frame_size and frame_size, and return value of parse_ebml_sint() and parse_ebml_uint() * References CVE-2008-1686 CVE-2008-1878 CVE-2008-1482 CVE-2008-0073 CVE-2008-0225 CVE-2008-0238 CVE-2008-1161 -- Jamie Strandboge <email address hidden> Wed, 30 Jul 2008 16:22:17 -0400
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Dapper
- Original maintainer:
- Siggi Langauf
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
xine-lib_1.1.1+ubuntu2.orig.tar.gz | 5.8 MiB | 36c2cb23601afc46db8f21e198312c0653caed5321615969b5eff65263dacd7e |
xine-lib_1.1.1+ubuntu2-7.9.diff.gz | 24.7 KiB | 48cf655e83df969b5aa40d635fe8ca840677e84e959b014f00273aa53c3a413c |
xine-lib_1.1.1+ubuntu2-7.9.dsc | 1.1 KiB | ca603141caee23b44c4c230ac1efc9540a53a733eacb47db0b4af39c97af6f8d |
Available diffs
Binary packages built by this source
- libxine-dev: No summary available for libxine-dev in ubuntu dapper.
No description available for libxine-dev in ubuntu dapper.
- libxine-main1: No summary available for libxine-main1 in ubuntu dapper.
No description available for libxine-main1 in ubuntu dapper.