108842 – xine-lib-1.0.3a available, solves a security bug.

Bug 108842 - xine-lib-1.0.3a available, solves a security bug.

Summary: xine-lib-1.0.3a available, solves a security bug.

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Diego Elio Pettenò (RETIRED)

URL:	http://xinehq.de
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-11 02:49 UTC by Francisco Lloret
Modified:	2005-10-11 03:02 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Francisco Lloret 2005-10-11 02:49:08 UTC

A security problem has been reported to us by Ulf Harnhammar from the Debian
Security Audit Project. Thanks a lot for finding this. You can read more about
this problem in our advisory, but let me summarize it for you: Nasty things can
happen simply by listening to your favorite CD. So be sure to upgrade to the
freshly released version 1.0.3a of xine-lib. Unfortunately, this will not give
you much more than a fix for this specific problem, because all the shiny new
stuff is still hidden in the not-yet-stable 1.1 series of release.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev

2005-10-11 03:02:10 UTC

See http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml . 
 
Our version is already fixed, and the rest of the changes in 1.0.3a are 
relative to Windows (which is certainly not something we care about), so there 
will be no 1.0.3a version on portage.