Xine-Lib Malformed MPEG Stream Buffer Overflow Vulnerability
Xine-lib is susceptible to a buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of the affected application.
Xine-lib version 1.1.1 is reportedly affected. Other versions may also be affected, as well as all applications that use a vulnerable version of the library.
Published: Apr 04 2006 12:00AM
Credit: Federico L. Bossi Bonin <firstname.lastname@example.org> discovered this issue.
*** Bug 128855 has been marked as a duplicate of this bug. ***
It is an A2. We should have acted now.
Sadly, AFAIK, no fix is available upstream and no other distrib has released any update yet. I'm not aware of any evolution on this issue. Has someone any information?
FYI the target delay is counted once the bug has left upstream status, since we can't really fix it before.
Then let's wait and see!
Upstream is late
The 1.1.2_pre20060328 snapshot seems to be unaffected, at least the given concept stream doesn't crash xine at all (while it does on 1.1.1-r5).
Despite being a CVS snapshot, that version appears to me quite stable, I'm using it almost daily, for both Kaffeine (video playing) and amaroK (audio), and I haven't hit any kind of problem (it might be considered more working than the current 1.1.1 version in some aspects, like MKV demuxing).
At this point, I can think of removing it from package.mask and back in ~arch, to be tested for a while.
Okay I know I added -r1 just yesterday, but if this is going to be pushed stable, I'd rather see that marked stable as it _is_ finally stable. The main issue with xine (crashes when mad was disabled) is now fixed, and authenticated HTTP streams are fixed, too. I might say that this version is even more stable than the current stable :)
So if a decision for pushing this has to be made, I suppose it should be okay at this point in time.
Also, I didn't receive any "aaaargh my xine broke" kind of bugs after unmasking and going to ~arch.
ok, here we go: arches, please test and stable 1.1.2_pre20060328-r1, thank you.
(In reply to comment #8)
> ok, here we go: arches, please test and stable 1.1.2_pre20060328-r1, thank you.
stable on ppc64
stable on amd64
Besides a gcc-4.1 bug, it's working perfectly on hppa :)
Sorry for the last change.
This one is ready for GLSA.
arm & ia64 you can mark stable if you want, in order to benefit from the GLSA.
arm, ia64 please don't forget to mark stable to benefit from the GLSA.