Summary: | media-libs/xine-lib: format string bug in CDDB features
---|---
Product: | Gentoo Security
Reporter: | Thierry Carrez (RETIRED) <koon>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
CC: | flameeyes
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html
Whiteboard: | A2 [glsa] jaervosz
Package list: |
Runtime testing required: | ---
Description
Thierry Carrez (RETIRED)
2005-10-02 02:31:25 UTC
Created attachment 69695 [details, diff]
xine-lib.formatstring.patch
Patch from Ulf Harnhammar
Diego, could you prepare and attach on this bug new ebuild(s) for xine-lib fixing this? Please do not commit them to Portage before the release date (currently set to October 8th), we'll have arch testers test them from here.
Created attachment 69847 [details]
xine-lib-1.1.0-r5.ebuild
This is going stable for sparc, alpha, ppc64 and ia64 (and amd64 would be great
too, as this should fix problems with current stable).
Created attachment 69848 [details]
xine-lib-1.0.1-r4.ebuild
This is the will-be stable for everything else (but mips probably).
Created attachment 69849 [details]
xine-lib-1_rc8-r2.ebuild
And this last one is for mips, that still has this last one as stable (and I'm
still moving this along also if it's basically broken for everyone else).
Created attachment 69850 [details]
xine-lib-1.1.0-r6.ebuild
At the end this is a non-stable version, based off 1.1.0-r4, with external
ffmpeg, so that ~arch users won't get a regression with ffmpeg.
Calling arch security contacts. Please test and report back which of those can be committed directly to stable for your arch.
flameeyes is a member of the amd64 team, so I'll leave it up to him.
Giving ppc over to JoseJX, as xine is seriously broken on my machine (segmentation fault on startup).
sparc looks good on 1.1.0-r5 with the exception that the patch should be named xine-lib-formatstring.patch (or changed in the ebuild) ;)
xine-lib-1.1.0-r5 can go stable on ppc64, too. I can confirm that you have to rename the patch.
The patch works fine on PPC, the segfault hansmi was reporting appears to be due to mismatched alsa-libs/in kernel driver as in bug #64818.
Which version do you want to see tested on x86?
1.0.1-r4 I think. 1.1.0 fixes some crashes, but seems to have a problem with flac.
1.1.0-r5 looks good on alpha.
Then we only need ia64 and they are not essential for GLSA purposes.
1.1.0-r5 looks good on ia64 as well.
Diego: ok so this can be committed to Portage with the appropriate stable keywords on October 8 (tomorrow) 1400 UTC. Let us know if you can't make it anytime that day.
That should be ok, just remind me a bit before, just to be safe :)
Please delay the commit till this night... we're having a bit of trouble as mips recently keyworded xine-lib-1.1.0 (but not -r3 or -r4). I won't commit anything until this is sorted out.
Diego please commit the fixed ebuilds. mips do not block GLSA sending so please go ahead.
Committed
Thx Diego. This one is ready for GLSA release.
Thx everyone. GLSA 200510-08
mips don't forget to mark stable.