© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
in the mean time, a bugfix only release (1.1.11.1) has been uploaded to debian, here is the changelog diff:
+++ b/ChangeLog Sun Mar 30 15:43:16 2008 +0100
@@ -1,3 +1,14 @@ xine-lib (1.1.11) 2008-03-19
+xine-lib (1.1.11.1) 2008-03-30
+ * Security fixes:
+ - Integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM
+ demuxers, allowing remote attackers to trigger heap overflows and
+ possibly execute arbitrary code. (CVE-2008-1482)
+ * Added a few more memory allocation checks to the above demuxers.
+ * WAV file playback fix: don't assume that the first chunk is "fmt ".
+ * Don't try to play partial 24-bit AIFF frames (decoder would lose data).
+ * Fixed AIFF comment chunk handling and sample rate reading.
+ * LPCM fixes: input over-reading, conversion of 24-bit samples.
+
I'd suggest now skipping 1.1.11, and go directly to 1.1.11.1.