Format: 1.7
Date: Wed, 21 Jan 2009 09:17:17 -0500
Source: xine-lib
Binary: libxine1-doc libxine1 libxine1-bin libxine-dev libxine1-ffmpeg libxine1-gnome libxine1-console libxine1-x libxine1-misc-plugins libxine1-dbg libxine1-plugins libxine1-all-plugins
Architecture: all i386_translations i386
Version: 1.1.11.1-1ubuntu3.2
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/i386 Build Daemon
Changed-By: Marc Deslauriers
Description:
 libxine-dev - the xine video player library, development packages
 libxine1 - the xine video/media player library, meta-package
 libxine1-all-plugins - the xine video/media player library, meta package
 libxine1-bin - the xine video/media player library, binary files
 libxine1-console - libaa/libcaca/framebuffer/directfb related plugins for libxine1
 libxine1-dbg - debug symbols for libxine1
 libxine1-doc - the xine video player library, documentation files
 libxine1-ffmpeg - MPEG-related plugins for libxine1
 libxine1-gnome - GNOME-related plugins for libxine1
 libxine1-misc-plugins - Input, audio output and post plugins for libxine1
 libxine1-plugins - the xine video/media player library, meta package
 libxine1-x - X desktop video output plugins for libxine1
Changes:
 xine-lib (1.1.11.1-1ubuntu3.2) hardy-security; urgency=low
 .
   * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
     - src/demuxers/demux_matroska.c: avoid segfault on invalid track type
       in Matroska files.
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7b472fa486db;style=gitweb
     - src/combined/ffmpeg/ff_video_decoder.c: fix heap buffer overflow in
       the ffmpeg video decoder.
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=ffb2e82d7bb77e87492734f72c2e5d21fb9ad2c0;style=gitweb
     - misc/cdda_server.c: fix integer overflow in the CDDA server.
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=30eb014e9b320035de309ee442ebbff6d405987b;style=gitweb
     - src/demuxers/demux_{ogg,avi,asf}.c: fix crashes with fuzzed media
       files. (CVE-2008-3231)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=967a8e515380c0c9b9858125a054082145002d00;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=67bfec7af3472674ba7396bd468b7607339fe102;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=4519eeeda3b3a20489b3699693d801c3696221da;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18059453374c49ebfc9660dcc34acc28afa57d17;style=gitweb
     - src/demuxers/demux_{mng,mod}.c: add some checks for memory allocation
       failures. (CVE-2008-5233)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=35f09930323e46c92e521846b9ccdfd5e277ad16;style=gitweb
     - src/demuxers/demux_qt.c: fix heap overflow in Quicktime atom parsing.
       (CVE-2008-5234, CVE-2008-5242)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=6e81eec36701;style=gitweb
     - src/demuxers/demux_matroska.c: fix buffer overflows in Matroska
       demuxer. (CVE-2008-5236)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=e38bb4b22431123997a16a186fe8beb4edcfef87;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=8e125da9ecbe;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b01a02595343;style=gitweb
     - src/demuxers/demux_{mng,qt}.c: fix integer overflows in MNG and QT
       demuxers. (CVE-2008-5237)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=9c97a9a9ba17a487116a198d80a74ec7879aa801;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=65f524e14623;style=gitweb
     - src/demuxers/{demux_matroska.c,demux_mod.c,id3.h}: use size_t for
       data length variables where there may be int overflows.
       (CVE-2008-5238)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a0830dddbd35625069506a9c49321317cbab8a2d;style=gitweb
     - src/{input,demuxers}/*.c: fix out-of-bounds reads and heap-based
       buffer overflows from unchecked or incompletely-checked read function
       results. (CVE-2008-5239)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7fb21abb15e5a7311a2c157721ddfab0a47090ab;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=5df277a7eec3;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=f775929597b1c10142e51674ee02e041b1b87df4;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=e6efc6d566961ab231686c1ee18044f2d45a2b4a;style=gitweb
     - src/demuxers/demux_real.c: fix unchecked malloc using untrusted
       values. (CVE-2008-5240)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=01753933e6647ed29226f18e4489ce034b569d65;style=gitweb
       * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=071dc93156e6940a7f1b8bb38762d521dd5731e8;style=gitweb
     - src/demuxers/demux_qt.c: fix integer underflow in qt compressed atom
       handling. (CVE-2008-5241)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a57d5ef86b65bcc195a5358125fdb34e10a37bb4;style=gitweb
     - src/demuxers/demux_real.c: fix buffer indexing using untrusted or
       unchecked values. (CVE-2008-5243)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=4982c9920f42657d0797145bf197127f18d8972c;style=gitweb
     - src/libfaad/*: updated to libfaad 2.6.1 to fix crashes with corrupted
       AAC files. (CVE-2008-5244)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b951b8e5672f1a66d1bcecdfeb6ea8;style=gitweb
     - src/demuxers/id3.c: fix an exploitable ID3 heap buffer overflow.
       (CVE-2008-5246)
       * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d766d92b7e7bb11de7b38482ebe8e9;style=gitweb
     - src/xine-engine/info_helper.c: fix crashes with MP3 files with
       metadata consisting only of separators. (CVE-2008-5248)
       * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=60ab5d2bdd82f00b10205f816a545337c9363134;style=gitweb
Files:
 5400616c6d371a9cc6790f1cbae3a409 143134 doc optional libxine1-doc_1.1.11.1-1ubuntu3.2_all.deb
 83f16b75415639618a8480cd13e4fa2e 598955 raw-translations - xine-lib_1.1.11.1-1ubuntu3.2_i386_translations.tar.gz
 cebffda4121f80ca8ee557c01df29f5f 53324 libs extra libxine1-plugins_1.1.11.1-1ubuntu3.2_all.deb
 416756efb11283adc307eeac638ab033 53330 libs extra libxine1-all-plugins_1.1.11.1-1ubuntu3.2_all.deb
 c127845119f283df784378d2ee16a4dd 1314 libs optional libxine1_1.1.11.1-1ubuntu3.2_i386.deb
 298d760d8705da2e950338ac191ac71c 1329338 libs optional libxine1-bin_1.1.11.1-1ubuntu3.2_i386.deb
 c465629e707860eb5c571320097530a5 328274 libdevel optional libxine-dev_1.1.11.1-1ubuntu3.2_i386.deb
 c662bf12d984ab728ecb475efc43f302 397114 libs optional libxine1-ffmpeg_1.1.11.1-1ubuntu3.2_i386.deb
 f5f92395f7663d6edc2651e213b6faa1 14742 libs optional libxine1-gnome_1.1.11.1-1ubuntu3.2_i386.deb
 69bbc29883b09954024852cc5faa55d5 58112 libs extra libxine1-console_1.1.11.1-1ubuntu3.2_i386.deb
 22ed03c47dc3392e2ae498ea9b40fb02 203446 libs optional libxine1-x_1.1.11.1-1ubuntu3.2_i386.deb
 4f3fc9cf9a7b11b4d4b97cc6d63ebefc 927890 libs optional libxine1-misc-plugins_1.1.11.1-1ubuntu3.2_i386.deb
 42ee1af149423d47b237c86e0cdd16da 4053480 libs extra libxine1-dbg_1.1.11.1-1ubuntu3.2_i386.deb
Original-Maintainer: Reinhard Tartler