Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 108842

Summary: xine-lib-1.0.3a available, solves a security bug.
Product: Gentoo Linux Reporter: Francisco Lloret <fcolloret>
Component: Current packagesAssignee: Diego Elio Pettenò (RETIRED) <flameeyes>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://xinehq.de
Whiteboard:
Package list:
Runtime testing required: ---

Description Francisco Lloret 2005-10-11 02:49:08 UTC 
A security problem has been reported to us by Ulf Harnhammar from the Debian
Security Audit Project. Thanks a lot for finding this. You can read more about
this problem in our advisory, but let me summarize it for you: Nasty things can
happen simply by listening to your favorite CD. So be sure to upgrade to the
freshly released version 1.0.3a of xine-lib. Unfortunately, this will not give
you much more than a fix for this specific problem, because all the shiny new
stuff is still hidden in the not-yet-stable 1.1 series of release.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2005-10-11 03:02:10 UTC 
See http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml . 
 
Our version is already fixed, and the rest of the changes in 1.0.3a are 
relative to Windows (which is certainly not something we care about), so there 
will be no 1.0.3a version on portage.