On Monday 14 July 2008 02:02:31 Brad Smith wrote: > CVSROOT: /cvs > Module name: ports > Changes by: [EMAIL PROTECTED] 2008/07/14 00:02:31 > > Modified files: > multimedia/xvidcore: Makefile distinfo > multimedia/xvidcore/patches: patch-build_generic_Makefile > patch-build_generic_configure > multimedia/xvidcore/pkg: PLIST > > Log message: > - Update to XVidcore 1.1.3. > - Enable MMX/SSE2 support on amd64/i386. > - Remove the previous MAINTAINER. > > ok jakemsr@
I missed mentioning that there was a security issue fixed in this update. The vulnerability is caused due to an array indexing error in the "get_intra_block()" function within src/bitstream/mbcoding.c while processing Xvid AVI files. This can be exploited to corrupt memory via a specially crafted file. CVE-2007-3329 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
