Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 346897 - <media-libs/xine-lib-1.1.19: Memory Corruption Vulnerability
Summary: <media-libs/xine-lib-1.1.19: Memory Corruption Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://labs.mwrinfosecurity.com/advis...
Whiteboard: B2 [glsa]
Keywords:
Depends on: 349608
Blocks:
  Show dependency tree
 
Reported: 2010-11-26 21:09 UTC by Tim Sammut (RETIRED)
Modified: 2014-12-12 00:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-11-26 21:09:20 UTC
From $URL:

xine-lib is affected by a memory corruption vulnerability because it uses a variable without initialising it, this could be exploited by an attacker in order to execute arbitrary code on the target system with the privileges of the logged in user.

This is fixed in =media-libs/xine-lib-1.1.19.

media-video, are we ok to stabilize =media-libs/xine-lib-1.1.19. Thank you.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-10 12:06:40 UTC
The stabilization is now being handled in bug #349608, eh.
Comment 2 Samuli Suominen gentoo-dev 2011-01-10 15:56:23 UTC
all arch's done
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-01-10 18:33:46 UTC
GLSA request filed.
Comment 4 Mike MacDonald 2013-07-01 03:10:30 UTC
Surely this can be closed, as affected versions are no longer in portage?
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:36:15 UTC
This issue was resolved and addressed in
 GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).