-
xine-lib (1.1.4-2ubuntu3.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability
* fix for src/libspeex/xine_decoder.c to properly validate its input
* SECURITY UPDATE: buffer overflow in the NSF demuxer
* fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
* SECURITY UPDATE: integer overflows in FLV, Qt, Real, WC3Movie, Matroska
and FILM demuxers
* fix demux_film.c, demux_flv.c, demux_qt.c, demux_real.c, demux_wc3movie.c
and ebml.c to check for failure of various memory allocations
* SECURITY UPDATE: array index vulnerability
* fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify
size of stream_id and stream_count
* SECURITY UPDATE: buffer overflow in the RTSP header-handling code
* fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer
sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238)
* SECURITY UPDATE: buffer overflow in FLAC processing
* fix for src/demuxers/demux_flac.c to check buffer lengths and leave room
for NUL termination
* SECURITY UPDATE: fix buffer overflow in ASF demuxer as demonstrated by
exploit code for CVE-2006-1664
* fix src/demuxers/demux_asf.c to check the size of asf_header_len
* SECURITY UPDATE: buffer over in Matroska demuxer
* fix src/demuxers/demux_matroska.c to use unsigned ints and check size of
first_frame_size and frame_size, and return value of parse_ebml_sint() and
parse_ebml_uint()
* References
CVE-2008-1686
CVE-2008-1878
CVE-2008-1482
CVE-2008-0073
CVE-2008-0225
CVE-2008-0238
CVE-2008-0486
CVE-2008-1110
CVE-2008-1161
-- Jamie Strandboge <email address hidden> Wed, 30 Jul 2008 16:01:44 -0400
-
xine-lib (1.1.4-2ubuntu3) feisty; urgency=low
* SECURITY UPDATE: DS decoder heap overflow.
* src/libw32dll/DirectShow/DS_VideoDecoder.c: ported mplayer fix.
* References
http://svn.mplayerhq.hu/mplayer?view=rev&revision=22205
-- Kees Cook <email address hidden> Fri, 9 Mar 2007 10:11:22 -0800
-
xine-lib (1.1.4-2ubuntu2) feisty; urgency=low
* SECURITY UPDATE: DMO decoder heap overflow.
* src/libw32dll/dmo/DMO_VideoDecoder.c: ported mplayer fix.
* References
http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204
CVE-2007-1246
-- Kees Cook <email address hidden> Thu, 8 Mar 2007 12:24:15 -0800
-
xine-lib (1.1.4-2ubuntu1) feisty; urgency=low
* Don't compile xine with -mpreferred-stack-boundary=2, because ffmpeg
expects the stack to be aligned. Patch already aplied Upstream.
(LP: #89537)
-- Reinhard Tartler <email address hidden> Tue, 6 Mar 2007 22:44:43 +0100
-
xine-lib (1.1.4-1ubuntu3) feisty; urgency=low
* fix FTBFS on sparc: add missing -I$(top_srcdir)/src/libffmpeg
directive to CPPFLAGS so that ffmpeg_config.h is in the include dir
-- Reinhard Tartler <email address hidden> Fri, 9 Feb 2007 15:34:23 +0100
-
xine-lib (1.1.4-1ubuntu2) feisty; urgency=low
* install shlibs.local file to tighten dependency on libxine1
* add build dependency on libmagick9-dev to build to
dmx_image and decoder_image plugin. Also add them to libxine1.install
* install the xine(5) manpage to package libxine1
* Bumb shlibs file (forgotten in 1.1.4-1)
-- Reinhard Tartler <email address hidden> Sun, 4 Feb 2007 09:05:58 +0100
-
xine-lib (1.1.4-1ubuntu1) feisty; urgency=low
* merge new upstream release from debian
xine-lib (1.1.4-1) experimental; urgency=low
* New upstream release!
* Tons of bugfixes, see /usr/share/doc/libxine1/changelog.gz
* Now playes sound in *.flv files (Closes: #396161)
* use internal ffmpeg copy for now, since debian's copy is too old :(
Will reenable building against debian's ffmpeg ASAP.
* add libpulse-dev to build depends, enable pulseaudio support
-- Reinhard Tartler <email address hidden> Mon, 29 Jan 2007 15:48:31 +0100
-
xine-lib (1.1.3-1ubuntu2) feisty; urgency=low
* debian/control: Add libpulse-dev to build dependencies to enable
PulseAudio output support.
* debian/libxine1.install: Add xineplug_ao_out_pulseaudio.so to
list of installed plugins.
-- Daniel T Chen <email address hidden> Wed, 24 Jan 2007 23:31:42 -0500
-
xine-lib (1.1.3-1ubuntu1) feisty; urgency=low
* Introduce new package libxine-extracodecs to faciliate upgrades
* merge from 1.1.3 branch for debian/experimental.
* additional patch: fix ftbfs on kFreeBSD
* ubuntu specific changes:
- libxine-main1 and libxine1-ffmpeg dummy package for upgrades from
dapper. Keep this package until (and including) the next LTS
release of ubuntu!
-- Reinhard Tartler <email address hidden> Wed, 3 Jan 2007 22:12:20 +0100
-
xine-lib (1.1.3-0ubuntu1) feisty; urgency=low
* merge from unreleased 1.1.3 branch targeted for debian. ubuntu
specific changes:
- libxine-main1 dummy package for upgrades from dapper. Keep this
package until (and including) the next LTS release of ubuntu!
xine-lib (1.1.3-0) UNRELEASED; urgency=low
* New upstream fixes: "support for xvid files", thanks to
\[ATR\]Dj-Death (Closes: #319805).
* plays vorbis files again (Closes: #400274)
* Introduce new packages: libxine1-ffmpeg and libxine1-gnome to tighten
dependencies.
- splitting out libxine1-gnome works around Bug: "libxine1: remote
streams do not work without non-dependency libgnomevfs2-0", thanks to
Michael Marsh (Bug: #309040).
- splitting out libxine-kde works around bugs #257368, #354437
* built against internal ffmpeg
* Bump to debhelper compat 5
* disable gdk (fixing ftbfs) and vidix (as being unmaintained) for
now. Please contact me if you are willing and able to test it
extensively
* apply textrel patch from gentoo
* add transfig, gs, sgmltools-lite to build deps to build developer
documentation as well
* disable jack output plugin because jack is not in main
* make libxine1 recommend libxine1-ffmpeg so it gets installed by default
[Darren Salt]
* Updated the watch file - should work regardless of changes at Souceforge.
-- Reinhard Tartler <email address hidden> Tue, 2 Jan 2007 23:05:20 +0100
-
xine-lib (1.1.2+repacked1-0ubuntu3) edgy; urgency=low
* Change in src/demuxers/demux_shn.c for *.shn
playback fixing "no stream present"
* Closes Malone: #63130
-- Brandon Holtsclaw <email address hidden> Fri, 6 Oct 2006 05:33:19 -0500
