xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low
* SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
- debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
invalid track type in Matroska files.
- debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
overflow in the ffmpeg video decoder.
- debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
in the ffmpeg audio decoder
- debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
in the CDDA server.
- debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
- debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
- debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
MNG and QT demuxers. (CVE-2008-5237)
- debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
heap-based buffer overflows from unchecked or incompletely-checked read
function results. (CVE-2008-5239)
- debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
untrusted values. (CVE-2008-5240)
- debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
compressed atom handling. (CVE-2008-5241)
- debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
untrusted or unchecked values. (CVE-2008-5243)
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 21 Jan 2009 08:32:25 -0500
xine-lib (1.1.15-0ubuntu3) intrepid; urgency=low
* Changed xine-engine/buffer.h to use __inline__