Package: xine-lib Severity: important You fixed CVE-2008-5238 but missed one part of the advisory which is not fixed: "In addition, the type_specific_data allocation is not checked for failure not for a zero-valued size, an unexpected process termination issue."
Any reason you left this out? I think the chances to exploit this are not very high as the chance to chose a size malloc fails for but memcpy succeeds is not very high on modern system having a lot of RAM. However it shouldn't be impossible. Please fix. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpP6J5cbTLE4.pgp
Description: PGP signature