Re: Proposed xine-lib updates for lenny (security & regressions)
Darren Salt wrote:
> The attached patches fix security problems and regressions in xine-lib
> 1.1.14-5 (wrt -4).
>
> 1. Race conditions in gapless_switch
> Exposed by unrelated changes to avoid hangs caused by broken streams.
> Can cause front ends to hang.
>
> 2. Escaping from broken streams
> My changes here caused problems for some front ends; see bug 514114.
>
> 3. Some input validation checks, intended to fix CVE-2008-5239, are broken.
>
> 4. Integer overflow in the 4XM demuxer. (TKADV2009-04)
>
> I would like to *try* to get this into lenny before release; failing that,
> then via stable-security.
Please upload.
Cheers
Luk
Reply to: