| Summary: | <media-libs/xine-lib-1.1.16.3: Integer overflow (CVE-2009-1274) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://trapkit.de/advisories/TKADV2009-005.txt | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Alex Legler (RETIRED)
2009-04-07 06:33:59 UTC
media-video, looks like .3 is already in CVS, can we go stable?

(In reply to comment #1)
> media-video, looks like .3 is already in CVS, can we go stable?

yes it's ok for stable; it's just I've given up on following xine-lib's security status some time ago...

Arches, please test and mark stable:
=media-libs/xine-lib-1.1.16.3
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

ppc and ppc64 done

Stable for HPPA.

Stable on alpha.

amd64 stable

======================================================
Name: CVE-2009-1274
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1274

Integer overflow in the qt_error parse_trak_atom function in demuxers/demux_qt.c in xine-lib 1.1.16.2 and earlier allows remote attackers to execute arbitrary code via a Quicktime movie file with a large count value in an STTS atom, which triggers a heap-based buffer overflow.

sparc stable

arm/ia64/x86 stable

GLSA together with bug 234777.

GLSA filed including bug 234777, bug 249041, bug 260069, and bug 265250.

GLSA 201006-04
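
The CVE entry above describes a count field in an STTS atom that overflows an allocation size. The following is an added example, not code from xine-lib or from this bug report, showing that class of bug and a bounds-checked parser; `stts_entry`, `stts_alloc_size_unchecked` and `parse_stts` are hypothetical names, and the payload layout assumed is 4 bytes of version/flags, a 4-byte big-endian entry count, then 8-byte entries.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical in-memory form of one time-to-sample entry. */
typedef struct { uint32_t count; uint32_t duration; } stts_entry;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Unchecked size computation: the product wraps in 32-bit arithmetic. */
uint32_t stts_alloc_size_unchecked(uint32_t count) {
    return count * (uint32_t)sizeof(stts_entry);
}

/* Parse an STTS payload of len bytes. Returns 0 on success, -1 on
 * malformed input. On success the caller frees *out. */
int parse_stts(const uint8_t *buf, size_t len, stts_entry **out, uint32_t *out_count) {
    *out = NULL;
    *out_count = 0;
    if (len < 8) return -1;
    uint32_t count = be32(buf + 4);
    /* Reject counts that claim more 8-byte entries than the atom holds. */
    if (count > (len - 8) / 8) return -1;
    if (count == 0) return 0;
    /* calloc also rejects a count * size product that would overflow. */
    stts_entry *tab = calloc(count, sizeof *tab);
    if (!tab) return -1;
    for (uint32_t i = 0; i < count; i++) {
        tab[i].count = be32(buf + 8 + 8 * (size_t)i);
        tab[i].duration = be32(buf + 12 + 8 * (size_t)i);
    }
    *out = tab;
    *out_count = count;
    return 0;
}

int main(void) {
    /* Constructed sample: 16-byte payload claiming 0x20000001 entries. */
    const uint8_t bad[16] = {0, 0, 0, 0, 0x20, 0, 0, 0x01};
    stts_entry *tab;
    uint32_t n;
    printf("unchecked size: %u bytes\n", (unsigned)stts_alloc_size_unchecked(0x20000001u));
    printf("parse_stts: %d\n", parse_stts(bad, sizeof bad, &tab, &n));
    return 0;
}
```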