Accepted gxine 0.5.8-2 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 07 Jan 2007 19:32:05 +0000
Source: gxine
Binary: gxineplugin gxine
Architecture: source i386
Version: 0.5.8-2
Distribution: unstable
Urgency: high
Maintainer: Siggi Langauf <siggi@debian.org>
Changed-By: Darren Salt <linux@youmustbejoking.demon.co.uk>
Description:
gxine - the xine video player, GTK+/Gnome user interface
gxineplugin - the xine video player, GTK+/Gnome; launcher plugin for Mozilla
Closes: 405876
Changes:
gxine (0.5.8-2) unstable; urgency=high
.
* SECURITY FIX (local exploit) (closes: #405876)
This version fixes a potential buffer overflow in gxine's server
component and in gxine_client. This overflow would occur were $HOME
sufficiently long - 94 bytes or more would cause socket creation or
connection failure, and 242 bytes or more would cause a segfault or
possible arbitrary code execution.
* Enabled the watchdog code (which will kill gxine if it gets stuck for
30 seconds).
Files:
a70e2c33df871c4dad74c9598bd0d07f 806 graphics optional gxine_0.5.8-2.dsc
849c0a07f5f167b18e2026329df2aa33 7740 graphics optional gxine_0.5.8-2.diff.gz
b4f1e6d72e41e5b02cff04b6f65e436c 459784 graphics optional gxine_0.5.8-2_i386.deb
551717a3ae8dd0dc2d8d642679875b76 7074 graphics optional gxineplugin_0.5.8-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Debian Powered!
iD8DBQFFoW1qmAg1RJRTSKQRAuKkAJ4ynmOCWJ/O4kLmr03Gf+Lsr2vTYwCfQCfR
WnthRzCkQsZfGXUnYu9/cwI=
=m0wX
-----END PGP SIGNATURE-----
Accepted:
gxine_0.5.8-2.diff.gz
to pool/main/g/gxine/gxine_0.5.8-2.diff.gz
gxine_0.5.8-2.dsc
to pool/main/g/gxine/gxine_0.5.8-2.dsc
gxine_0.5.8-2_i386.deb
to pool/main/g/gxine/gxine_0.5.8-2_i386.deb
gxineplugin_0.5.8-2_i386.deb
to pool/main/g/gxine/gxineplugin_0.5.8-2_i386.deb
Reply to: