From xine webpage: A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related fixes, and fixes for a few possible buffer overflows. The other changes include recognition of AMR audio and Snow video.
bumped
Arches, please test and mark stable: =media-libs/xine-lib-1.1.15 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
CVE-2008-3231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3231): xine allows user-assisted attackers to cause a denial of service (application crash) via a crafted OGG file, as demonstrated by lol-ffplay.ogg.
ia64/x86 stable
Stable for HPPA.
amd64 stable
Created attachment 162994 [details, diff] fix for use=-vis on sparc On sparc it failes to compiled with USE="-vis": /tmp/portage/media-libs/xine-lib-1.1.15/work/xine-lib-1.1.15/src/libmpeg2/motion_comp.c:76: undefined reference to `mpeg2_mc_vis' because src/libmpeg2/motion_comp_vis.c has #if defined(ARCH_SPARC) && defined(ENABLE_VIS) and src/libmpeg2/motion_comp.c has #ifdef ARCH_SPARC can you apply this patch to fix it, please?
Stable on alpha.
ppc64 stable
(In reply to comment #7) > can you apply this patch to fix it, please? Applied thanks (you could aswell have done it yourself as that's sparc specific code) Please don't forget to send it upstream so that it's fixed for good.
Thanks, sparc stable (In reply to comment #10) > Please don't forget to send it upstream so that it's fixed for good. done
ppc stable
request filed
1.1.15 has caused a regression with KDE players, see blocked bug. Arches, please test and mark stable: =media-libs/xine-lib-1.1.15-r1 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
sparc stable
amd64 stable as well
Stable on alpha, sorry for taking so long.
GLSA request filed.
What about http://www.ocert.org/advisories/ocert-2008-008.html ? It says not all vulns are fixed in 1.1.15 :/
arm stable
GLSA filed including bug 234777, bug 249041, bug 260069, and bug 265250.
GLSA 201006-04
