Format: 1.7
Date: Wed, 30 Jul 2008 16:22:17 -0400
Source: xine-lib
Binary: libxine-dev libxine-main1
Architecture: amd64_translations amd64 hppa_translations hppa i386_translations i386 ia64_translations ia64 powerpc_translations powerpc source sparc_translations sparc
Version: 1.1.1+ubuntu2-7.9
Distribution: dapper-security
Urgency: low
Maintainer: Siggi Langauf
Changed-By: Jamie Strandboge
Description:
 libxine-dev - the xine video player library, development packages
 libxine-main1 - the xine video/media player library, binary files
Changes:
 xine-lib (1.1.1+ubuntu2-7.9) dapper-security; urgency=low
 .
   * SECURITY UPDATE: array index vulnerability
     * fix for src/libspeex/xine_decoder.c to properly validate its input
   * SECURITY UPDATE: buffer overflow in the NSF demuxer
     * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
   * SECURITY UPDATE: integer overflows in Qt, Real, WC3Movie, Matroska and
     FILM demuxers
     * fix demux_film.c, demux_qt.c, demux_real.c, demux_wc3movie.c and ebml.c
       to check for failure of various memory allocations
   * SECURITY UPDATE: array index vulnerability
     * fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to
       verify size of stream_id and stream_count
   * SECURITY UPDATE: buffer overflow in the RTSP header-handling code
     * fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check
       buffer sizes in rmff_dump_*() functions (CVE-2008-0225 and
       CVE-2008-0238)
   * SECURITY UPDATE: buffer overflow in Matroska demuxer
     * fix src/demuxers/demux_matroska.c to use unsigned ints and check size
       of first_frame_size and frame_size, and return value of
       parse_ebml_sint() and parse_ebml_uint()
   * References
     CVE-2008-1686
     CVE-2008-1878
     CVE-2008-1482
     CVE-2008-0073
     CVE-2008-0225
     CVE-2008-0238
     CVE-2008-1161