Please update xine-lib to 1.1.13 - this will solve several important bugs, like:
* [CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF)
demuxer
* Ubuntu bug #93076 - important display bug with Motion JPEG video's (such
videos are produced by most photo cameras)
I'm pasting important info from xine-lib to 1.1.13 Release Notes:
Maintenance & security-fix release.
Changes:
* Security fixes:
- Buffer overflow in the NSF demuxer which may allow remote attackers to
cause a denial of service (crash) or possibly execute arbitrary code
via an NSF file with a long title or copyright message. (CVE-2008-1878)
- For extra safety against possible Integer overflows like the ones found
in CVE-2008-1482, backport more calloc usage from 1.2 branch.
* Added MIME types and .mpp for musepack.
* Fixed display of some MJPEG streams (YUVJ420P).
* Provide a useful implementation of xine_register_log_cb().
* New version of the JACK output plugin.
See
http://sourceforge.net/project/shownotes.php?release_id=606977&group_id=9655
for full release notes
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1482
** Also affects: xine-lib (Baltix)
Importance: Undecided
Status: New
--
[CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer
https://bugs.launchpad.net/bugs/235904
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
