Summary: | media-libs/xine-lib <1.1.10.1 execution of arbitrary code (CVE-2008-0486) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | media-video |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0486 | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Lars Hartmann
2008-02-06 09:34:48 UTC
maintainers - please advise

xine-lib-1.1.10.1 in the tree should fix this:

Changes:
* Security fixes:
  - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. (CVE-2008-0486)
* Fix a RealPlayer codec detection bug.
* Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag size.

Is 1.1.10.1 ready for stable marking?

(In reply to comment #3)
> Is 1.1.10.1 ready for stable marking?

should be, it's 1.1.10 plus the three bugfixes I cited

Thx Alexis. Arches please test and mark stable. Target keywords are:

xine-lib-1.1.10.1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"

x86 stable

ppc stable

amd64 done

ppc64 stable; thanks

Stable for HPPA.

Sparc stable.

alpha/ia64 stable, thanks Tobias

Fixed in release snapshot.

GLSA 200802-12, thanks everyone.

Please note that this update also fixed CVE-2008-1161.