Accepted xine-lib 1.1.2+dfsg-7 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 20 May 2008 23:48:53 -0700
Source: xine-lib
Binary: libxine1-dbg libxine-dev libxine1
Architecture: source amd64
Version: 1.1.2+dfsg-7
Distribution: stable-security
Urgency: low
Maintainer: Siggi Langauf <siggi@debian.org>
Changed-By: Devin Carraway <devin@debian.org>
Description:
libxine-dev - the xine video player library, development packages
libxine1 - the xine video/media player library, binary files
libxine1-dbg - the xine video/media player library, debug data
Closes: 472639
Changes:
 xine-lib (1.1.2+dfsg-7) stable-security; urgency=low
 .
   * Non-maintainer upload by the security team
   * Patches from maintainer:
     - CVE-2008-1482: Fix various integer overflows in Qt, Real, WC3Movie,
       Matroska and FILM demuxers, allowing remote attackers to trigger heap
       overflows and possibly execute arbitrary code; fix other possible NULL
       pointer dereferences caused by missing alloc checks. (Closes: #472639)
       The FLV (Flash) demuxer in this version is not patched since the
       affected code was added in 1.1.4.
     - CVE-2008-1686: Unchecked array index may allow remote attackers to
       execute arbitrary code via a header structure containing a
       negative offset, which is used to dereference a function pointer.
     - CVE-2008-1878: Buffer overflow in the NSF demuxer which may allow
       remote attackers to cause a denial of service (crash) or possibly
       execute arbitrary code via an NSF file with a long title or copyright
       message.
     - Backport more calloc usage from the 1.2 branch for extra safety
       against possible integer overflows such as found in CVE-2008-1482.
Files:
b0949db5082a590b1afa4f477005f79f 1585 libs optional xine-lib_1.1.2+dfsg-7.dsc
9ef42da73934e6a981151549e97fd396 32397 libs optional xine-lib_1.1.2+dfsg-7.diff.gz
f8305c6e72d9fd2a25cb7b144e0d696d 117506 libdevel optional libxine-dev_1.1.2+dfsg-7_amd64.deb
b94199ba7a4a578db7eb0eefa42b725c 3050404 libs optional libxine1_1.1.2+dfsg-7_amd64.deb
635669edb747900be1b17a17dba1f564 3660324 libs extra libxine1-dbg_1.1.2+dfsg-7_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIM8m9U5XKDemr/NIRAvqcAJ9SxvnTMR6dJGLsRYnrZB7e9ixfpgCdEwdR
CkRJdq5YgaQygybbDGDLDtQ=
=dGd9
-----END PGP SIGNATURE-----
Accepted:
libxine-dev_1.1.2+dfsg-7_amd64.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_amd64.deb
libxine1-dbg_1.1.2+dfsg-7_amd64.deb
  to pool/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_amd64.deb
libxine1_1.1.2+dfsg-7_amd64.deb
  to pool/main/x/xine-lib/libxine1_1.1.2+dfsg-7_amd64.deb
xine-lib_1.1.2+dfsg-7.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.diff.gz
xine-lib_1.1.2+dfsg-7.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.dsc