Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
maintainers - please advise
xine-lib-1.1.10.1 in the tree should fix this: Changes: * Security fixes: - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. (CVE-2008-0486) * Fix a RealPlayer codec detection bug. * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag size.
Is 1.1.10.1 ready for stable marking?
(In reply to comment #3) > Is 1.1.10.1 ready for stable marking? > should be, its 1.1.10 plus the three bugfixes I cited
Thx Alexis. Arches please test and mark stable. Target keywords are: xine-lib-1.1.10.1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
x86 stable
ppc stable
amd64 done
ppc64 stable; thanks
Stable for HPPA.
Sparc stable.
alpha/ia64 stable, thanks Tobias
Fixed in release snapshot.
GLSA 200802-12, thanks everyone.
Please note that this update also fixed CVE-2008-1161.