xine-lib 1.1.4-2ubuntu3.1 source package in Ubuntu
Changelog
xine-lib (1.1.4-2ubuntu3.1) feisty-security; urgency=low
* SECURITY UPDATE: array index vulnerability
* fix for src/libspeex/xine_decoder.c to properly validate its input
* SECURITY UPDATE: buffer overflow in the NSF demuxer
* fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
* SECURITY UPDATE: integer overflows in FLV, Qt, Real, WC3Movie, Matroska
and FILM demuxers
* fix demux_film.c, demux_flv.c, demux_qt.c, demux_real.c, demux_wc3movie.c
and ebml.c to check for failure of various memory allocations
* SECURITY UPDATE: array index vulnerability
* fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify
size of stream_id and stream_count
* SECURITY UPDATE: buffer overflow in the RTSP header-handling code
* fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer
sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238)
* SECURITY UPDATE: buffer overflow in FLAC processing
* fix for src/demuxers/demux_flac.c to check buffer lengths and leave room
for NUL termination
* SECURITY UPDATE: fix buffer overflow in ASF demuxer as demonstrated by
exploit code for CVE-2006-1664
* fix src/demuxers/demux_asf.c to check the size of asf_header_len
* SECURITY UPDATE: buffer over in Matroska demuxer
* fix src/demuxers/demux_matroska.c to use unsigned ints and check size of
first_frame_size and frame_size, and return value of parse_ebml_sint() and
parse_ebml_uint()
* References
CVE-2008-1686
CVE-2008-1878
CVE-2008-1482
CVE-2008-0073
CVE-2008-0225
CVE-2008-0238
CVE-2008-0486
CVE-2008-1110
CVE-2008-1161
-- Jamie Strandboge <email address hidden> Wed, 30 Jul 2008 16:01:44 -0400
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Feisty
- Original maintainer:
- Reinhard Tartler
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xine-lib_1.1.4.orig.tar.gz | 8.2 MiB | 1de93c996645c966585a45a622dbaeeaa4b60f866a12b230bae3308209175eab |
| xine-lib_1.1.4-2ubuntu3.1.diff.gz | 28.8 KiB | 050b022febc09b3dc2fcbfa65fef3bc7e327f568d4d67b4dc64df1711d9ffaa7 |
| xine-lib_1.1.4-2ubuntu3.1.dsc | 1.2 KiB | bd92a9c28cd4e7b3474197c037489e942be7a1753f5b0e3cf198f4cf5c33d0c4 |
Available diffs
Binary packages built by this source
- libxine-dev: No summary available for libxine-dev in ubuntu feisty.
No description available for libxine-dev in ubuntu feisty.
- libxine-extracodecs: No summary available for libxine-extracodecs in ubuntu feisty.
No description available for libxine-extracodecs in ubuntu feisty.
- libxine-main1: No summary available for libxine-main1 in ubuntu feisty.
No description available for libxine-main1 in ubuntu feisty.
- libxine1: No summary available for libxine1 in ubuntu feisty.
No description available for libxine1 in ubuntu feisty.
- libxine1-console: No summary available for libxine1-console in ubuntu feisty.
No description available for libxine1-console in ubuntu feisty.
- libxine1-dbg: No summary available for libxine1-dbg in ubuntu feisty.
No description available for libxine1-dbg in ubuntu feisty.
- libxine1-ffmpeg: No summary available for libxine1-ffmpeg in ubuntu feisty.
No description available for libxine1-ffmpeg in ubuntu feisty.
- libxine1-gnome: No summary available for libxine1-gnome in ubuntu feisty.
No description available for libxine1-gnome in ubuntu feisty.
- libxine1-kde: No summary available for libxine1-kde in ubuntu feisty.
No description available for libxine1-kde in ubuntu feisty.
- libxine1-plugins: No summary available for libxine1-plugins in ubuntu feisty.
No description available for libxine1-plugins in ubuntu feisty.
