| Summary: | media-libs/xine-lib : filesystem write vulnerability XSA-2004-1 | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | fbusse |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://xinehq.de/index.php/security | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 45448, 48324 | | |
| Attachments: | xine-lib patch | | |

Description
fbusse
2004-04-16 22:31:28 UTC
Created attachment 29470
xine-lib patch

xine-lib-1_rc3-r3.ebuild is the 1-rc3c version, so it includes the fix. We just need it available on all arch and stable before issuing a global xine-ui / xine-lib GLSA.

Marked stable on amd64...

Marked stable on Alpha.

Stable on sparc.

Bump: x86, ppc : please test and mark stable (if stable :) ) -K

Sorry, too few testers with stable machines on ppc. But this version of xine (and xine-lib) seems to be the first in a long time that works again on ppc. But sometimes I have issues with the correct colours and sometimes xine just exits with a memory error. I propose not updating (or masking it completely for ppc). But my system could also be unstable in some parts. Hopefully somebody else will also test on ppc. PS: Tested on a G3 which has no Altivec.

Lars: For ppc we have for the moment xine-ui-0.9.13-r1 and xine-lib-1_rc3-r1 stable, which are both vulnerable. So you have two choices:

1- xine-ui-0.9.23-r2 and xine-lib-1_rc3-r3 work the same / better than the old stable, in which case we should mark them stable

2- they work worse, in which case we should package.mask the two packages since we cannot let vulnerable or unstable packages there.

Your call :)

I marked it stable on ppc. It works on my ~ppc box and it is better than masking it.

Stable on x86.

GLSA-ready -- draft written

GLSA 200404-20.