[regression] xine will not play certain mpeg video files

Bug #322834 reported by Ben Blout on 2009-01-29
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
xine-lib (Ubuntu)
Nominated for Dapper by Ben Blout
Nominated for Hardy by Ben Blout
Nominated for Jaunty by Ben Blout

Bug Description

Binary package hint: libxine-main1

I am running 6.06LTS:
$ lsb_release -rd
Description: Ubuntu 6.06.2 LTS
Release: 6.06

A security update just became available, which I installed. After upgrading libxine-main1 to version 1.1.1+ubuntu2-7.10(dapper-security), gxine will not play any (video) mpg files produced by a ReplayTV video recorder. When I start gxine from the command line:
$ gxine test.mpg
gxine opens a window, momentarily displays the filename, and does nothing more. It does not crash, and still responds properly to keystrokes and will play other files.

If I downgrade to the 1.1.1+ubuntu2-7(dapper) version, the videos play properly.

I have attached a two second video clip that will not play with the update, but does play with the earlier version.

mplayer and vlc will properly play these files.

Ben Blout (bdb-new) wrote :
Changed in xine-lib:
status: New → Confirmed
Jamie Strandboge (jdstrand) wrote :

This does not appear to work on Jaunty ( either, but plays in totem.

Ben Blout (bdb-new) wrote :

I went to https://launchpad.net/ubuntu/dapper/i386/libxine-main1/1.1.1+ubuntu2-7.9 and downloaded and installed version 1.1.1+ubuntu2-7.9.

Using this version gxine will play the video clip.

So the regression seems to be a very recent one...

Ben Blout (bdb-new) wrote :

Bug appears to be resolved upstream.
Happy to help with testing.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xine-lib - 1.1.7-1ubuntu1.5

xine-lib (1.1.7-1ubuntu1.5) gutsy-security; urgency=low

  * REGRESSION: Broken size checks in CVE-2008-5239 input plugins patch
    (LP: #322834)
    - src/input/input_*.c: fix the size checks broken by the previous
      security update.
    - http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b11cc37934629a2965859163db6095fbbe2b44be;style=gitweb
    - CVE-2008-5239
  * SECURITY UPDATE: Integer overflow in the 4xm demuxer
    - src/demuxers/demux_4xm.c: Make sure we don't overflow
    - http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=ba872682eba8a10217c48b7fe21f0fa763ef4af3;style=gitweb
    - CVE-2009-0698

 -- Marc Deslauriers <email address hidden> Tue, 24 Mar 2009 10:16:54 -0400

Changed in xine-lib:
status: Confirmed → Fix Released
Changed in xine-lib:
status: Unknown → Fix Released
Changed in xine-lib:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.