-
xine-lib (1.0-1ubuntu3.9) hoary-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution with crafted streams.
* src/demuxers/demux_avi.c: Fix buffer overflow in AVI index size.
* src/libffmpeg/libavcodec/4xm.c: Fix integer overflow.
* References
- CVE-2006-4799
- http://xine.cvs.sourceforge.net/xine/xine-lib/src/demuxers/demux_avi.c?r1=1.224&r2=1.225
- CVE-2006-4800
- http://bugs.gentoo.org/show_bug.cgi?id=133520
-- Kees Cook <email address hidden> Fri, 29 Sep 2006 17:55:36 +0000
-
xine-lib (1.0-1ubuntu3.8) hoary-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution with crafted streams.
* src/input/mms[h].c: Fix multiple buffer overflows in embedded libmms,
thanks to patch from Matthias Hopf.
* src/input/input_http.c: Fixed previous security patch (s/buflen/BUFSIZE).
-- Martin Pitt <email address hidden> Tue, 11 Jul 2006 18:17:08 +0000
-
xine-lib (1.0-1ubuntu3.7) hoary-security; urgency=low
* SECURITY UPDATE: Remote DoS and probably code execution.
* src/input/input_http.c:
- Fix buffer overflow in http_plugin_open().
- Patch from upstream CVS.
- CVE-2006-2802
-- Martin Pitt <email address hidden> Wed, 7 Jun 2006 09:46:54 +0000
-
xine-lib (1.0-1ubuntu3.6) hoary-security; urgency=low
* Rebuild.
-- Martin Pitt <email address hidden> Fri, 16 Dec 2005 10:39:12 +0100
-
xine-lib (1.0-1ubuntu3.4) hoary-updates; urgency=low
* SECURITY UPDATE: Fix arbitrary code execution with crafted PNG images in
embedded ffmpeg copy.
* src/libffmpeg/libavcodec/utils.c, avcodec_default_get_buffer(): Apply
upstream patch to fix buffer overflow on decoding of small PIX_FMT_PAL8
PNG files.
* References:
CVE-2005-4048
http://mplayerhq.hu/pipermail/ffmpeg-devel/2005-November/005333.html
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/
utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg
-- Martin Pitt <email address hidden> Thu, 15 Dec 2005 12:33:12 +0000
-
xine-lib (1.0-1ubuntu3.3) hoary-updates; urgency=low
* SECURITY UPDATE: Remote arbitrary code execution.
* src/input/input_cdda.c: Fix format string vulnerability in fprintf() call.
* CAN-2005-2967
-- Martin Pitt <email address hidden> Mon, 10 Oct 2005 10:59:17 +0200
-
xine-lib (1.0-1ubuntu3) hoary; urgency=low
* Remove internal libmad support and patch to use external libmad library.
Please install libmad0 to restore support for restricted formats.
* debain/shlibdeps.sh:
- Generate Suggests for xineplug_decode_mad.so
- Fix problem that caused nothing to be generated if a Recommends or
Suggests library is missing
-- Chris Halls <email address hidden> Wed, 6 Apr 2005 09:45:07 +0100
-
xine-lib (1.0-1ubuntu2) hoary; urgency=low
* Rebuild against libflac6 (Closes #7576)
-- Charles Majola <email address hidden> Mon, 14 Mar 2005 11:32:36 +0200