1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
PublicDateAtUSN: 2008-11-25
Candidate: CVE-2008-5244
PublicDate: 2008-11-25
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498243
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407010
http://www.ubuntu.com/usn/usn-710-1
Description:
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and
attack vectors related to libfaad. NOTE: due to the lack of details, it is
not clear whether this is an issue in xine-lib or in libfaad.
Ubuntu-Description:
Notes:
mdeslaur> Same AAC issue as the first part of CVE-2008-4610
mdeslaur> looks like debian fixed this by building xine-lib with the system
mdeslaur> faad, which is in universe for us...
mdeslaur> Tester is lol-vlc.aac. Doesn't crash intrepid.
mdeslaur> xine 1.1.15 updated built-in libfaad to get rid of crashers
mdeslaur> Not sure what to do for older versions...
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_xine-lib:
upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b951b8e5672f1a66d1bcecdfeb6ea8;style=gitweb
upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=434756e85c83322e948d2e2b9fa774c448147df0;style=gitweb
upstream_xine-lib: needs-triage
dapper_xine-lib: released (1.1.1+ubuntu2-7.10)
gutsy_xine-lib: released (1.1.7-1ubuntu1.4)
hardy_xine-lib: released (1.1.11.1-1ubuntu3.2)
intrepid_xine-lib: not-affected (1.1.15)
jaunty_xine-lib: not-affected (1.1.15)
karmic_xine-lib: not-affected (1.1.15)
devel_xine-lib: not-affected (1.1.15)
Patches_faad2:
upstream_faad2: not-affected (2.6.1)
dapper_faad2: ignored (reached end-of-life)
gutsy_faad2: needed (reached end-of-life)
hardy_faad2: not-affected
intrepid_faad2: not-affected
jaunty_faad2: not-affected
karmic_faad2: not-affected
devel_faad2: not-affected
|