Ubuntu
xine-lib package

Change logs for xine-lib source package in Hoary

  1. Hoary (5.04)
  2. Change log 
  • xine-lib (1.0-1ubuntu3.9) hoary-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution with crafted streams.
  * src/demuxers/demux_avi.c: Fix buffer overflow in AVI index size.
  * src/libffmpeg/libavcodec/4xm.c: Fix integer overflow.
  * References
    - CVE-2006-4799
    - http://xine.cvs.sourceforge.net/xine/xine-lib/src/demuxers/demux_avi.c?r1=1.224&r2=1.225
    - CVE-2006-4800
    - http://bugs.gentoo.org/show_bug.cgi?id=133520

 -- Kees Cook <email address hidden>   Fri, 29 Sep 2006 17:55:36 +0000
  • xine-lib (1.0-1ubuntu3.8) hoary-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution with crafted streams.
  * src/input/mms[h].c: Fix multiple buffer overflows in embedded libmms,
    thanks to patch from Matthias Hopf.
  * src/input/input_http.c: Fixed previous security patch (s/buflen/BUFSIZE).

 -- Martin Pitt <email address hidden>   Tue, 11 Jul 2006 18:17:08 +0000
  • xine-lib (1.0-1ubuntu3.7) hoary-security; urgency=low

  * SECURITY UPDATE: Remote DoS and probably code execution.
  * src/input/input_http.c:
    - Fix buffer overflow in http_plugin_open().
    - Patch from upstream CVS.
    - CVE-2006-2802

 -- Martin Pitt <email address hidden>   Wed,  7 Jun 2006 09:46:54 +0000
  • xine-lib (1.0-1ubuntu3.6) hoary-security; urgency=low


  * Rebuild.

 -- Martin Pitt <email address hidden>  Fri, 16 Dec 2005 10:39:12 +0100
  • xine-lib (1.0-1ubuntu3.4) hoary-updates; urgency=low

  * SECURITY UPDATE: Fix arbitrary code execution with crafted PNG images in
    embedded ffmpeg copy.
  * src/libffmpeg/libavcodec/utils.c, avcodec_default_get_buffer(): Apply
    upstream patch to fix buffer overflow on decoding of small PIX_FMT_PAL8
    PNG files.
  * References:
    CVE-2005-4048
    http://mplayerhq.hu/pipermail/ffmpeg-devel/2005-November/005333.html
    http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/
    utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg

 -- Martin Pitt <email address hidden>   Thu, 15 Dec 2005 12:33:12 +0000
  • xine-lib (1.0-1ubuntu3.3) hoary-updates; urgency=low


  * SECURITY UPDATE: Remote arbitrary code execution.
  * src/input/input_cdda.c: Fix format string vulnerability in fprintf() call.
  * CAN-2005-2967

 -- Martin Pitt <email address hidden>  Mon, 10 Oct 2005 10:59:17 +0200
  • xine-lib (1.0-1ubuntu3) hoary; urgency=low


  * Remove internal libmad support and patch to use external libmad library.
    Please install libmad0 to restore support for restricted formats.
  * debain/shlibdeps.sh: 
    - Generate Suggests for xineplug_decode_mad.so
    - Fix problem that caused nothing to be generated if a Recommends or
      Suggests library is missing

 -- Chris Halls <email address hidden>  Wed,  6 Apr 2005 09:45:07 +0100
  • xine-lib (1.0-1ubuntu2) hoary; urgency=low


  * Rebuild against libflac6 (Closes #7576) 

 -- Charles Majola <email address hidden>  Mon, 14 Mar 2005 11:32:36 +0200