xine-lib 1.1.4-2ubuntu3.1 source package in Ubuntu

Changelog

xine-lib (1.1.4-2ubuntu3.1) feisty-security; urgency=low

  * SECURITY UPDATE: array index vulnerability
  * fix for src/libspeex/xine_decoder.c to properly validate its input
  * SECURITY UPDATE: buffer overflow in the NSF demuxer
  * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
  * SECURITY UPDATE: integer overflows in FLV, Qt, Real, WC3Movie, Matroska
    and FILM demuxers
  * fix demux_film.c, demux_flv.c, demux_qt.c, demux_real.c, demux_wc3movie.c
    and ebml.c to check for failure of various memory allocations
  * SECURITY UPDATE: array index vulnerability
  * fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify
    size of stream_id and stream_count
  * SECURITY UPDATE: buffer overflow in the RTSP header-handling code
  * fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer
    sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238)
  * SECURITY UPDATE: buffer overflow in FLAC processing
  * fix for src/demuxers/demux_flac.c to check buffer lengths and leave room
    for NUL termination
  * SECURITY UPDATE: fix buffer overflow in ASF demuxer as demonstrated by
    exploit code for CVE-2006-1664
  * fix src/demuxers/demux_asf.c to check the size of asf_header_len
  * SECURITY UPDATE: buffer over in Matroska demuxer
  * fix src/demuxers/demux_matroska.c to use unsigned ints and check size of
    first_frame_size and frame_size, and return value of parse_ebml_sint() and
    parse_ebml_uint()
  * References
    CVE-2008-1686
    CVE-2008-1878
    CVE-2008-1482
    CVE-2008-0073
    CVE-2008-0225
    CVE-2008-0238
    CVE-2008-0486
    CVE-2008-1110
    CVE-2008-1161

 -- Jamie Strandboge <email address hidden>   Wed, 30 Jul 2008 16:01:44 -0400

Upload details

Uploaded by:
Jamie Strandboge on 2008-08-06
Uploaded to:
Feisty
Original maintainer:
Reinhard Tartler
Architectures:
any
Section:
libs
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xine-lib_1.1.4.orig.tar.gz 8.2 MiB 1de93c996645c966585a45a622dbaeeaa4b60f866a12b230bae3308209175eab
xine-lib_1.1.4-2ubuntu3.1.diff.gz 28.8 KiB 050b022febc09b3dc2fcbfa65fef3bc7e327f568d4d67b4dc64df1711d9ffaa7
xine-lib_1.1.4-2ubuntu3.1.dsc 1.2 KiB bd92a9c28cd4e7b3474197c037489e942be7a1753f5b0e3cf198f4cf5c33d0c4

View changes file

Binary packages built by this source

libxine-dev: No summary available for libxine-dev in ubuntu feisty.

No description available for libxine-dev in ubuntu feisty.

libxine-extracodecs: No summary available for libxine-extracodecs in ubuntu feisty.

No description available for libxine-extracodecs in ubuntu feisty.

libxine-main1: No summary available for libxine-main1 in ubuntu feisty.

No description available for libxine-main1 in ubuntu feisty.

libxine1: No summary available for libxine1 in ubuntu feisty.

No description available for libxine1 in ubuntu feisty.

libxine1-console: No summary available for libxine1-console in ubuntu feisty.

No description available for libxine1-console in ubuntu feisty.

libxine1-dbg: No summary available for libxine1-dbg in ubuntu feisty.

No description available for libxine1-dbg in ubuntu feisty.

libxine1-ffmpeg: No summary available for libxine1-ffmpeg in ubuntu feisty.

No description available for libxine1-ffmpeg in ubuntu feisty.

libxine1-gnome: No summary available for libxine1-gnome in ubuntu feisty.

No description available for libxine1-gnome in ubuntu feisty.

libxine1-kde: No summary available for libxine1-kde in ubuntu feisty.

No description available for libxine1-kde in ubuntu feisty.

libxine1-plugins: No summary available for libxine1-plugins in ubuntu feisty.

No description available for libxine1-plugins in ubuntu feisty.