
Proposed xine-lib updates for lenny (security & regressions)



The attached patches fix security problems and regressions in xine-lib
1.1.14-5 (wrt -4).

1. Race conditions in gapless_switch
   Exposed by unrelated changes to avoid hangs caused by broken streams.
   Can cause front ends to hang.

2. Escaping from broken streams
   My changes here caused problems for some front ends; see bug 514114.

3. Some input validation checks, intended to fix CVE-2008-5239, are broken.

4. Integer overflow in the 4XM demuxer. (TKADV2009-04)

I would like to *try* to get this into lenny before release; failing that,
then via stable-security.

-- 
| Darren Salt    | linux or ds at              | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Burn less waste. Use less packaging. Waste less.     USE FEWER RESOURCES.

Why do people drink decaffeinated coffee when the best part is the caffeine?

Attachment: 1.patch
Description: Binary data

Attachment: 2.patch
Description: Binary data

Attachment: 3.patch
Description: Binary data

Attachment: 4.patch
Description: Binary data

Attachment: pgpT5l1K79_7S.pgp
Description: PGP signature

