Re: Proposed xine-lib updates for lenny (security & regressions)

To: debian-release@lists.debian.org, Darren Salt <linux@youmustbejoking.demon.co.uk>
Subject: Re: Proposed xine-lib updates for lenny (security & regressions)
From: Luk Claes <luk@debian.org>
Date: Tue, 10 Feb 2009 19:50:04 +0100
Message-id: <4991CC5C.7020707@debian.org>
In-reply-to: <5030F2729C%linux@youmustbejoking.demon.co.uk>
References: <5030F2729C%linux@youmustbejoking.demon.co.uk>

Darren Salt wrote:
> The attached patches fix security problems and regressions in xine-lib
> 1.1.14-5 (wrt -4).
> 
> 1. Race conditions in gapless_switch
>    Exposed by unrelated changes to avoid hangs caused by broken streams.
>    Can cause front ends to hang.
> 
> 2. Escaping from broken streams
>    My changes here caused problems for some front ends; see bug 514114.
> 
> 3. Some input validation checks, intended to fix CVE-2008-5239, are broken.
> 
> 4. Integer overflow in the 4XM demuxer. (TKADV2009-04)
> 
> I would like to *try* to get this into lenny before release; failing that,
> then via stable-security.

Please upload.

Cheers

Luk

Reply to:

Follow-Ups:
- Re: Proposed xine-lib updates for lenny (security & regressions)
  - From: Darren Salt <linux@youmustbejoking.demon.co.uk>

References:
- Proposed xine-lib updates for lenny (security & regressions)
  - From: Darren Salt <linux@youmustbejoking.demon.co.uk>

Prev by Date: Re: Possible unblock for mt-daapd 0.9~r1696.dfsg-6 (was: 0.9~r1696.dfsg-5)
Next by Date: Re: new upstream gEDA bug fix release
Previous by thread: Proposed xine-lib updates for lenny (security & regressions)
Next by thread: Re: Proposed xine-lib updates for lenny (security & regressions)
Index(es):
- Date
- Thread