346897 – <media-libs/xine-lib-1.1.19: Memory Corruption Vulnerability

Bug 346897 - <media-libs/xine-lib-1.1.19: Memory Corruption Vulnerability

Summary: <media-libs/xine-lib-1.1.19: Memory Corruption Vulnerability

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://labs.mwrinfosecurity.com/advis...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:	349608
Blocks:
	Show dependency tree

Reported:	2010-11-26 21:09 UTC by Tim Sammut (RETIRED)
Modified:	2014-12-12 00:36 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2010-11-26 21:09:20 UTC

From $URL:

xine-lib is affected by a memory corruption vulnerability because it uses a variable without initialising it, this could be exploited by an attacker in order to execute arbitrary code on the target system with the privileges of the logged in user.

This is fixed in =media-libs/xine-lib-1.1.19.

media-video, are we ok to stabilize =media-libs/xine-lib-1.1.19. Thank you.

Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2011-01-10 12:06:40 UTC

The stabilization is now being handled in bug #349608, eh.

Comment 2 Samuli Suominen (RETIRED) gentoo-dev

2011-01-10 15:56:23 UTC

all arch's done

Comment 3 Tim Sammut (RETIRED) gentoo-dev

2011-01-10 18:33:46 UTC

GLSA request filed.

Comment 4 Mike MacDonald 2013-07-01 03:10:30 UTC

Surely this can be closed, as affected versions are no longer in portage?

Comment 5 GLSAMaker/CVETool Bot gentoo-dev

2014-12-12 00:36:15 UTC

This issue was resolved and addressed in
 GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).