Debian changelog:
xine-lib (1.1.10-1) unstable; urgency=high
* New upstream release (Closes: #459836)...
* ... fixing some security bugs:
- CVE-2008-0225: Heap-based buffer overflow in rmff_dump_cont function
which allows remote attacker to execute arbitrary code via a crafted
SDP Abstract attribute (Closes: #460551).
This also acks 1.1.8-3+lenny1 (NMU by the security team).
- Related to CVE-2006-1664: Buffer overflow which allows a remote
attacker to execute arbitrary code or crash the client program via a
crafted ASF header.
* ... and fixing some other bugs, including:
- Disappearing audio. (Closes: #461970)
[ Darren Salt ]
* Build-depend on gs-gpl | gs. Avoids FTBFS where recommended packages
aren't automatically installed.
* Put libxine1-doc in section libdevel.
* Move libxine1-doc | libxine-doc to Suggests: in libxine1. (Closes: #458103)
* Add postinst scripts to ensure that the documentation symlinks are
properly created. (This is really dpkg bugginess.) (Closes: #458865)
* Standards version 3.7.3; no changes needed.
[ Reinhard Tartler ]
* Actually install xineplug_decode_w32dll.so and xineplug_decode_qt.so
on i386. debian/rules accidentally used $< where it should have been
$^. Thanks to Gert Kulyk for reporting! LP: #182400
* Fix XS-Hg-VCS headers in debian/control LP: #183886
-- Darren Salt <[EMAIL PROTECTED]> Sat, 26 Jan 2008
22:16:28 +0000
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-1664
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0225
** Tags added: sync
--
Please sync xine-lib (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/181949
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
