xine-lib 1.1.7-1ubuntu1.3 source package in Ubuntu

Changelog

xine-lib (1.1.7-1ubuntu1.3) gutsy-security; urgency=low

  * SECURITY UPDATE: array index vulnerability
  * fix for src/libxineadec/xine_speex_decoder.c to properly validate its
    input
  * SECURITY UPDATE: buffer overflow in the NSF demuxer
  * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
  * SECURITY UPDATE: integer overflows in FLV, Qt, Real, WC3Movie, Matroska
    and FILM demuxers
  * fix demux_film.c, demux_flv.c, demux_qt.c, demux_real.c, demux_wc3movie.c
    and ebml.c to check for failure of various memory allocations
  * SECURITY UPDATE: array index vulnerability
  * fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify
    size of stream_id and stream_count
  * SECURITY UPDATE: buffer overflow in the RTSP header-handling code
  * fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer
    sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238)
  * SECURITY UPDATE: buffer overflow in FLAC processing
  * fix for src/demuxers/demux_flac.c to check buffer lengths and leave room
    for NUL termination
  * SECURITY UPDATE: fix buffer overflow in ASF demuxer as demonstrated by
    exploit code for CVE-2006-1664
  * fix src/demuxers/demux_asf.c to check the size of asf_header_len
  * SECURITY UPDATE: buffer overflow in Matroska demuxer
  * fix src/demuxers/demux_matroska.c to use unsigned ints and check size of
    first_frame_size and frame_size, and return value of parse_ebml_sint() and
    parse_ebml_uint()
  * References
    CVE-2008-1686
    CVE-2008-1878
    CVE-2008-1482
    CVE-2008-0073
    CVE-2008-0225
    CVE-2008-0238
    CVE-2008-0486
    CVE-2008-1110
    CVE-2008-1161

 -- Jamie Strandboge <email address hidden>   Wed, 30 Jul 2008 15:57:21 -0400

Upload details

Uploaded by: Jamie Strandboge on 2008-08-06
Uploaded to: Gutsy
Original maintainer: Reinhard Tartler
Architectures: any
Section: libs
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
xine-lib_1.1.7.orig.tar.gz 8.5 MiB 9f7b405597b948f134becf0126ff1f1ecb9ddfeeb4987f26617c9783f1ae51da
xine-lib_1.1.7-1ubuntu1.3.diff.gz 27.1 KiB 26af952c460207c6ca7a02d2e2542024a61d267cf820fb85ea98c8150292f0b0
xine-lib_1.1.7-1ubuntu1.3.dsc 1.6 KiB 7cf860ab9729b156e79910308018dcc75ce525e02b403aee305e3d2538bf92c4

Binary packages built by this source

No summary or description is available in ubuntu gutsy for any of these packages:

libxine-dev
libxine1
libxine1-console
libxine1-dbg
libxine1-doc
libxine1-ffmpeg
libxine1-gnome
libxine1-plugins