xine-lib 1.1.1+ubuntu2-7.9 source package in Ubuntu

Changelog

xine-lib (1.1.1+ubuntu2-7.9) dapper-security; urgency=low

  * SECURITY UPDATE: array index vulnerability
  * fix for src/libspeex/xine_decoder.c to properly validate its input
  * SECURITY UPDATE: buffer overflow in the NSF demuxer
  * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
  * SECURITY UPDATE: integer overflows in Qt, Real, WC3Movie, Matroska and
    FILM demuxers
  * fix demux_film.c, demux_qt.c, demux_real.c, demux_wc3movie.c and ebml.c to
    check for failure of various memory allocations
  * SECURITY UPDATE: array index vulnerability
  * fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify
    size of stream_id and stream_count
  * SECURITY UPDATE: buffer overflow in the RTSP header-handling code
  * fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer
    sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238)
  * SECURITY UPDATE: buffer over in Matroska demuxer
  * fix src/demuxers/demux_matroska.c to use unsigned ints and check size of
    first_frame_size and frame_size, and return value of parse_ebml_sint() and
    parse_ebml_uint()
  * References
    CVE-2008-1686
    CVE-2008-1878
    CVE-2008-1482
    CVE-2008-0073
    CVE-2008-0225
    CVE-2008-0238
    CVE-2008-1161

 -- Jamie Strandboge <email address hidden>   Wed, 30 Jul 2008 16:22:17 -0400