A security problem has been reported to us by Ulf Harnhammar from the Debian Security Audit Project. Thanks a lot for finding this. You can read more about this problem in our advisory, but let me summarize it for you: Nasty things can happen simply by listening to your favorite CD. So be sure to upgrade to the freshly released version 1.0.3a of xine-lib. Unfortunately, this will not give you much more than a fix for this specific problem, because all the shiny new stuff is still hidden in the not-yet-stable 1.1 series of releases.
See http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml . Our version is already fixed, and the rest of the changes in 1.0.3a are related to Windows (which is certainly not something we care about), so there will be no 1.0.3a version in Portage.