xine-lib 1.1.4-2ubuntu3.1 source package in Ubuntu
Changelog
xine-lib (1.1.4-2ubuntu3.1) feisty-security; urgency=low * SECURITY UPDATE: array index vulnerability * fix for src/libspeex/xine_decoder.c to properly validate its input * SECURITY UPDATE: buffer overflow in the NSF demuxer * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup() * SECURITY UPDATE: integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM demuxers * fix demux_film.c, demux_flv.c, demux_qt.c, demux_real.c, demux_wc3movie.c and ebml.c to check for failure of various memory allocations * SECURITY UPDATE: array index vulnerability * fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify size of stream_id and stream_count * SECURITY UPDATE: buffer overflow in the RTSP header-handling code * fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238) * SECURITY UPDATE: buffer overflow in FLAC processing * fix for src/demuxers/demux_flac.c to check buffer lengths and leave room for NUL termination * SECURITY UPDATE: fix buffer overflow in ASF demuxer as demonstrated by exploit code for CVE-2006-1664 * fix src/demuxers/demux_asf.c to check the size of asf_header_len * SECURITY UPDATE: buffer over in Matroska demuxer * fix src/demuxers/demux_matroska.c to use unsigned ints and check size of first_frame_size and frame_size, and return value of parse_ebml_sint() and parse_ebml_uint() * References CVE-2008-1686 CVE-2008-1878 CVE-2008-1482 CVE-2008-0073 CVE-2008-0225 CVE-2008-0238 CVE-2008-0486 CVE-2008-1110 CVE-2008-1161 -- Jamie Strandboge <email address hidden> Wed, 30 Jul 2008 16:01:44 -0400
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Feisty
- Original maintainer:
- Reinhard Tartler
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
xine-lib_1.1.4.orig.tar.gz | 8.2 MiB | 1de93c996645c966585a45a622dbaeeaa4b60f866a12b230bae3308209175eab |
xine-lib_1.1.4-2ubuntu3.1.diff.gz | 28.8 KiB | 050b022febc09b3dc2fcbfa65fef3bc7e327f568d4d67b4dc64df1711d9ffaa7 |
xine-lib_1.1.4-2ubuntu3.1.dsc | 1.2 KiB | bd92a9c28cd4e7b3474197c037489e942be7a1753f5b0e3cf198f4cf5c33d0c4 |
Available diffs
Binary packages built by this source
- libxine-dev: No summary available for libxine-dev in ubuntu feisty.
No description available for libxine-dev in ubuntu feisty.
- libxine-extracodecs: No summary available for libxine-extracodecs in ubuntu feisty.
No description available for libxine-extracodecs in ubuntu feisty.
- libxine-main1: No summary available for libxine-main1 in ubuntu feisty.
No description available for libxine-main1 in ubuntu feisty.
- libxine1: No summary available for libxine1 in ubuntu feisty.
No description available for libxine1 in ubuntu feisty.
- libxine1-console: No summary available for libxine1-console in ubuntu feisty.
No description available for libxine1-console in ubuntu feisty.
- libxine1-dbg: No summary available for libxine1-dbg in ubuntu feisty.
No description available for libxine1-dbg in ubuntu feisty.
- libxine1-ffmpeg: No summary available for libxine1-ffmpeg in ubuntu feisty.
No description available for libxine1-ffmpeg in ubuntu feisty.
- libxine1-gnome: No summary available for libxine1-gnome in ubuntu feisty.
No description available for libxine1-gnome in ubuntu feisty.
- libxine1-kde: No summary available for libxine1-kde in ubuntu feisty.
No description available for libxine1-kde in ubuntu feisty.
- libxine1-plugins: No summary available for libxine1-plugins in ubuntu feisty.
No description available for libxine1-plugins in ubuntu feisty.