"By setting up a malicious CDDB server, an attacker can overwrite arbitrary memory locations with arbitrary data." Among the affected versions are all 1.0 releases up to and including 1.0.2, and 1.1.0.
The problem is solved in version 1.0.3a. A patch against CVS is also available. A workaround is to delete the xineplug_inp_cdda.so file. More information: <http://xinehq.de/index.php/security/XSA-2005-1>.

Regards,
Tim
