* SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
- debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
invalid track type in Matroska files.
- debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
overflow in the ffmpeg video decoder.
- debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
in the ffmpeg audio decoder
- debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
in the CDDA server.
- debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
- debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
- debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
MNG and QT demuxers. (CVE-2008-5237)
- debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
heap-based buffer overflows from unchecked or incompletely-checked read
function results. (CVE-2008-5239)
- debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
untrusted values. (CVE-2008-5240)
- debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
compressed atom handling. (CVE-2008-5241)
- debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
untrusted or unchecked values. (CVE-2008-5243)
This bug was fixed in the package xine-lib - 1.1.15-0ubuntu3.1intrepid1
---------------
xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low
* Merge 1.1.15-0ubuntu3.1.
xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low
* SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
- debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
invalid track type in Matroska files.
- debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
overflow in the ffmpeg video decoder.
- debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
in the ffmpeg audio decoder
- debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
in the CDDA server.
- debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
- debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
- debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
MNG and QT demuxers. (CVE-2008-5237)
- debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
heap-based buffer overflows from unchecked or incompletely-checked read
function results. (CVE-2008-5239)
- debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
untrusted values. (CVE-2008-5240)
- debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
compressed atom handling. (CVE-2008-5241)
- debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
untrusted or unchecked values. (CVE-2008-5243)
xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low
* New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
broken translations; LP: #290768.
-- Loic Minier <email address hidden> Tue, 27 Jan 2009 14:35:33 +0100