Change logs for xine-lib source package in Dapper

xine-lib (1.1.1+ubuntu2-7.12) dapper-security; urgency=low

  * SECURITY UPDATE: Integer overflow in the 4xm demuxer
    - src/demuxers/demux_4xm.c: Fix additional integer overflow, as
      previous fix was incomplete.
    - http://hg.debian.org/hg/xine-lib/xine-lib/rev/7799748cc0f2
    - CVE-2009-0698
  * SECURITY UPDATE: Integer overflow in the QT demuxer via large count
    value in an STTS atom
    - src/demuxers/demux_qt.c: validate atom size
    - http://hg.debian.org/hg/xine-lib/xine-lib/rev/d21a4564db03
    - CVE-2009-1274

 -- Marc Deslauriers <email address hidden>   Fri, 17 Apr 2009 13:23:54 -0400

xine-lib (1.1.1+ubuntu2-7.11) dapper-security; urgency=low

  * REGRESSION: Broken size checks in CVE-2008-5239 input plugins patch
    (LP: #322834)
    - src/input/input_*.c: fix the size checks broken by the previous
      security update.
    - http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b11cc37934629a2965859163db6095fbbe2b44be;style=gitweb
    - CVE-2008-5239
  * SECURITY UPDATE: Integer overflow in the 4xm demuxer
    - src/demuxers/demux_4xm.c: Make sure we don't overflow
      fourxm->track_count.
    - http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=ba872682eba8a10217c48b7fe21f0fa763ef4af3;style=gitweb
    - CVE-2009-0698

 -- Marc Deslauriers <email address hidden>   Tue, 24 Mar 2009 10:34:15 -0400

xine-lib (1.1.1+ubuntu2-7.10) dapper-security; urgency=low

  * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
    - src/demuxers/demux_matroska.c: avoid segfault on invalid track type in
      Matroska files.
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7b472fa486db;style=gitweb
    - misc/cdda_server.c: fix integer overflow in the the CDDA server.
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=30eb014e9b320035de309ee442ebbff6d405987b;style=gitweb
    - src/demuxers/demux_{ogg,avi}.c: fix crashes with fuzzed media files.
      (CVE-2008-3231)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=967a8e515380c0c9b9858125a054082145002d00;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=67bfec7af3472674ba7396bd468b7607339fe102;style=gitweb
    - src/demuxers/demux_{mng,mod}.c: add some checks for memory allocation
      failures. (CVE-2008-5233)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=35f09930323e46c92e521846b9ccdfd5e277ad16;style=gitweb
    - src/demuxers/demux_qt.c: fix heap overflow in Quicktime atom parsing.
      (CVE-2008-5234, CVE-2008-5242)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=6e81eec36701;style=gitweb
    - src/demuxers/demux_matroska.c: fix buffer overflows in Matroska demuxer.
      (CVE-2008-5236)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=e38bb4b22431123997a16a186fe8beb4edcfef87;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=8e125da9ecbe;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b01a02595343;style=gitweb
    - src/demuxers/demux_{mng,qt}.c: fix integer overflows in MNG and QT
      demuxers. (CVE-2008-5237)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=9c97a9a9ba17a487116a198d80a74ec7879aa801;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=65f524e14623;style=gitweb
    - src/demuxers/{demux_matroska.c,demux_mod.c,id3.h}: use size_t for data
      length variables where there may be int overflows. (CVE-2008-5238)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a0830dddbd35625069506a9c49321317cbab8a2d;style=gitweb
    - src/{input,demuxers}/*.c: fix out-of-bounds reads and heap-based buffer
      overflows from unchecked or incompletely-checked read function results.
      (CVE-2008-5239)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7fb21abb15e5a7311a2c157721ddfab0a47090ab;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=5df277a7eec3;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=f775929597b1c10142e51674ee02e041b1b87df4;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=e6efc6d566961ab231686c1ee18044f2d45a2b4a;style=gitweb
    - src/demuxers/demux_real.c: fix unchecked malloc using untrusted values.
      (CVE-2008-5240)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=01753933e6647ed29226f18e4489ce034b569d65;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=071dc93156e6940a7f1b8bb38762d521dd5731e8;style=gitweb
    - src/demuxers/demux_qt.c: fix integer underflow in qt compressed atom
      handling. (CVE-2008-5241)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a57d5ef86b65bcc195a5358125fdb34e10a37bb4;style=gitweb
    - src/demuxers/demux_real.c: fix buffer indexing using untrusted or
      unchecked values. (CVE-2008-5243)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=4982c9920f42657d0797145bf197127f18d8972c;style=gitweb
    - src/demuxers/id3.c: fix an exploitable ID3 heap buffer overflow.
      (CVE-2008-5246)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d766d92b7e7bb11de7b38482ebe8e9;style=gitweb
    - src/xine-engine/info_helper.c: fix crashes with MP3 files with metadata
      consisting only of separators. (CVE-2008-5248)
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=60ab5d2bdd82f00b10205f816a545337c9363134;style=gitweb

 -- Marc Deslauriers <email address hidden>   Wed, 21 Jan 2009 09:56:16 -0500

xine-lib (1.1.1+ubuntu2-7.9) dapper-security; urgency=low

  * SECURITY UPDATE: array index vulnerability
  * fix for src/libspeex/xine_decoder.c to properly validate its input
  * SECURITY UPDATE: buffer overflow in the NSF demuxer
  * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
  * SECURITY UPDATE: integer overflows in Qt, Real, WC3Movie, Matroska and
    FILM demuxers
  * fix demux_film.c, demux_qt.c, demux_real.c, demux_wc3movie.c and ebml.c to
    check for failure of various memory allocations
  * SECURITY UPDATE: array index vulnerability
  * fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify
    size of stream_id and stream_count
  * SECURITY UPDATE: buffer overflow in the RTSP header-handling code
  * fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer
    sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238)
  * SECURITY UPDATE: buffer over in Matroska demuxer
  * fix src/demuxers/demux_matroska.c to use unsigned ints and check size of
    first_frame_size and frame_size, and return value of parse_ebml_sint() and
    parse_ebml_uint()
  * References
    CVE-2008-1686
    CVE-2008-1878
    CVE-2008-1482
    CVE-2008-0073
    CVE-2008-0225
    CVE-2008-0238
    CVE-2008-1161

 -- Jamie Strandboge <email address hidden>   Wed, 30 Jul 2008 16:22:17 -0400

xine-lib (1.1.1+ubuntu2-7.7) dapper-security; urgency=low

  * SECURITY UPDATE: DirectShow decoder heap overflow.
  * src/libw32dll/DirectShow/DS_VideoDecoder.c: ported mplayer fix.
  * References
    http://svn.mplayerhq.hu/mplayer?view=rev&revision=22205
    CVE-2007-1387

 -- Kees Cook <email address hidden>   Mon, 12 Mar 2007 13:44:40 -0700

xine-lib (1.1.1+ubuntu2-7.6) dapper-security; urgency=low

  * SECURITY UPDATE: DMO decoder heap overflow.
  * src/libw32dll/dmo/DMO_VideoDecoder.c: ported mplayer fix.
  * References
    http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204
    CVE-2007-1246

 -- Kees Cook <email address hidden>   Thu,  8 Mar 2007 12:29:18 -0800

xine-lib (1.1.1+ubuntu2-7.5) dapper-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution in realmedia.
  * src/realmedia/real.c: Fix buffer overflows, from upstream.
  * References
    https://sf.net/tracker/download.php?group_id=9655&atid=109655&file_id=204544&aid=1603470
    CVE-2006-6172

 -- Kees Cook <email address hidden>   Fri,  1 Dec 2006 15:13:27 -0800

xine-lib (1.1.1+ubuntu2-7.3) dapper-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution with crafted AVI index.
  * src/demuxers/demux_avi.c: Fix buffer overflow in AVI index size.
  * References
    - CVE-2006-4799
    - http://xine.cvs.sourceforge.net/xine/xine-lib/src/demuxers/demux_avi.c?r1=1.224&r2=1.225

 -- Kees Cook <email address hidden>   Fri, 29 Sep 2006 10:36:07 -0700

xine-lib (1.1.1+ubuntu2-7.2) dapper-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution with crafted streams.
  * src/input/mms[h].c: Fix multiple buffer overflows in embedded libmms,
    thanks to patch from Matthias Hopf.
  * src/input/input_http.c: Fixed previous security patch (s/buflen/BUFSIZE).

 -- Martin Pitt <email address hidden>   Tue, 11 Jul 2006 18:02:26 +0000

xine-lib (1.1.1+ubuntu2-7.1) dapper-security; urgency=low

  * SECURITY UPDATE: Remote DoS and probably code execution.
  * src/input/input_http.c:
    - Fix buffer overflow in http_plugin_open().
    - Patch from upstream CVS.
    - CVE-2006-2802

 -- Martin Pitt <email address hidden>   Tue,  6 Jun 2006 15:53:56 +0200

xine-lib (1.1.1+ubuntu2-7) dapper; urgency=low

  * Stop shipping the arts plugin as it useless according to upstream and
    tends to break things. (Ubuntu: #44462)
    http://bugzilla.gnome.org/show_bug.cgi?id=327928

 -- Sebastian Dröge <email address hidden>   Sun, 14 May 2006 17:07:26 +0200

xine-lib (1.1.1+ubuntu2-6) dapper; urgency=low

  * Move the dependencies for the new gdk-pixbuf decoder to Recommends to make
    the kubuntu guys happy again.

 -- Sebastian Dröge <email address hidden>   Wed, 22 Mar 2006 22:20:57 +0100

xine-lib (1.1.1+ubuntu2-5) dapper; urgency=low

  * Added gdk-pixbuf decoder from CVS, add libgtk2.0-dev to Build-Depends.
    Fixed image detection code in src/demuxers/demux_image.c (Closes: Malone
    #35896)

 -- Sebastian Dröge <email address hidden>   Wed, 22 Mar 2006 19:47:40 +0100

xine-lib (1.1.1+ubuntu2-4) dapper; urgency=low

  * src/post/goom/goomsl_lex.c: Fix buffer overflow in generated flex scanner;
    surprisingly there is no flex source file in the package. (CVE-2006-0459)

 -- Martin Pitt <email address hidden>   Thu,  2 Mar 2006 14:45:02 +0100

xine-lib (1.1.1+ubuntu2-3) dapper; urgency=low


  * Fix vis ARCH_OPT_CFLAGS. This revert the previous change in debian/rules.
    Patch by David Miller.

 -- Fabio M. Di Nitto <email address hidden>  Tue, 31 Jan 2006 11:55:34 +0100

xine-lib (1.1.1+ubuntu2-2) dapper; urgency=low


  * Enable workaround to build on sparc:
    For some reasons gcc is generating asm code that is not v7 compatible
    using registers that simply don't exist on that architecture.
    Since we don't support such old doorstoppers, pass -mcpu=v9 and get over
    it. Clearly this is not a clean solution but it will do for now.

 -- Fabio M. Di Nitto <email address hidden>  Sat, 28 Jan 2006 13:53:32 +0100

xine-lib (1.1.1+ubuntu2-1) dapper; urgency=low


  * Remove the mad plugin
  * Remove READMEs for other system

 -- Sebastian Dröge <email address hidden>  Fri, 20 Jan 2006 17:50:15 +0100

xine-lib (1.1.1-0ubuntu4) dapper; urgency=low


  * SECURITY UPDATE: Fix arbitrary code execution with crafted PNG images in
    embedded ffmpeg copy.
  * src/libffmpeg/libavcodec/utils.c, avcodec_default_get_buffer(): Apply
    upstream patch to fix buffer overflow on decoding of small PIX_FMT_PAL8
    PNG files.
  * References:
    CVE-2005-4048
    http://mplayerhq.hu/pipermail/ffmpeg-devel/2005-November/005333.html
    http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/
    utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg

 -- Martin Pitt <email address hidden>  Thu, 15 Dec 2005 13:13:45 +0100