Details are in the upstream bug report. I'm waiting until upstream confirms this patch before going anywhere with it. Once they have confirmed it, then I'll apply (or apply their modified version). I decided the best way of contacting upstream was through their tracker system, which sends emails to various lists about xine bugs. Therefore this bug is open instead of fightclub (as originally intended). I pretty much felt that the kaffiene FD mail (it uses the EXACT same http code as gxine) sort of put it out in the open. More information to come soon :).
video/Chris White please provide a fixed ebuild.
Patch applied in r1. Don't think this needs a glsa as it's ~arch'ed across the board. You're call though :P. I'll get rid of the non-r1 version after work.
Arches please mark stable and disregard Chris' ~arch rambling in comment #2
x86 stable
Stable on sparc.
Merged gxine and Kaffeine into a single GLSA. Security, please review.
GLSA 200411-14