xine-lib 1.1.7-1ubuntu1.3 source package in Ubuntu
Changelog
xine-lib (1.1.7-1ubuntu1.3) gutsy-security; urgency=low
* SECURITY UPDATE: array index vulnerability
* fix for src/libxineadec/xine_speex_decoder.c to properly validate its
input
* SECURITY UPDATE: buffer overflow in the NSF demuxer
* fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
* SECURITY UPDATE: integer overflows in FLV, Qt, Real, WC3Movie, Matroska
and FILM demuxers
* fix demux_film.c, demux_flv.c, demux_qt.c, demux_real.c, demux_wc3movie.c
and ebml.c to check for failure of various memory allocations
* SECURITY UPDATE: array index vulnerability
* fix src/input/libreal/sdpplin.c and src/input/libreal/sdpplin.h to verify
size of stream_id and stream_count
* SECURITY UPDATE: buffer overflow in the RTSP header-handling code
* fix src/input/libreal/rmff.c and src/input/libreal/rmff.h to check buffer
sizes in rmff_dump_*() functions (CVE-2008-0225 and CVE-2008-0238)
* SECURITY UPDATE: buffer overflow in FLAC processing
* fix for src/demuxers/demux_flac.c to check buffer lengths and leave room
for NUL termination
* SECURITY UPDATE: fix buffer overflow in ASF demuxer as demonstrated by
exploit code for CVE-2006-1664
* fix src/demuxers/demux_asf.c to check the size of asf_header_len
* SECURITY UPDATE: buffer over in Matroska demuxer
* fix src/demuxers/demux_matroska.c to use unsigned ints and check size of
first_frame_size and frame_size, and return value of parse_ebml_sint() and
parse_ebml_uint()
* References
CVE-2008-1686
CVE-2008-1878
CVE-2008-1482
CVE-2008-0073
CVE-2008-0225
CVE-2008-0238
CVE-2008-0486
CVE-2008-1110
CVE-2008-1161
-- Jamie Strandboge <email address hidden> Wed, 30 Jul 2008 15:57:21 -0400
Upload details
- Uploaded by:
- Jamie Strandboge
- Uploaded to:
- Gutsy
- Original maintainer:
- Reinhard Tartler
- Architectures:
- any
- Section:
- libs
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xine-lib_1.1.7.orig.tar.gz | 8.5 MiB | 9f7b405597b948f134becf0126ff1f1ecb9ddfeeb4987f26617c9783f1ae51da |
| xine-lib_1.1.7-1ubuntu1.3.diff.gz | 27.1 KiB | 26af952c460207c6ca7a02d2e2542024a61d267cf820fb85ea98c8150292f0b0 |
| xine-lib_1.1.7-1ubuntu1.3.dsc | 1.6 KiB | 7cf860ab9729b156e79910308018dcc75ce525e02b403aee305e3d2538bf92c4 |
Available diffs
Binary packages built by this source
- libxine-dev: No summary available for libxine-dev in ubuntu gutsy.
No description available for libxine-dev in ubuntu gutsy.
- libxine1: No summary available for libxine1 in ubuntu gutsy.
No description available for libxine1 in ubuntu gutsy.
- libxine1-console: No summary available for libxine1-console in ubuntu gutsy.
No description available for libxine1-console in ubuntu gutsy.
- libxine1-dbg: No summary available for libxine1-dbg in ubuntu gutsy.
No description available for libxine1-dbg in ubuntu gutsy.
- libxine1-doc: No summary available for libxine1-doc in ubuntu gutsy.
No description available for libxine1-doc in ubuntu gutsy.
- libxine1-ffmpeg: No summary available for libxine1-ffmpeg in ubuntu gutsy.
No description available for libxine1-ffmpeg in ubuntu gutsy.
- libxine1-gnome: No summary available for libxine1-gnome in ubuntu gutsy.
No description available for libxine1-gnome in ubuntu gutsy.
- libxine1-plugins: No summary available for libxine1-plugins in ubuntu gutsy.
No description available for libxine1-plugins in ubuntu gutsy.
