From SecurityFocus.com: Gxine is susceptible to a remote format string vulnerability. This issue is due to a failure of the application to securely implement a formatted printing function. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Vulnerable versions: xine gxine 0.4.0 xine gxine 0.4.1 xine gxine 0.4.2 xine gxine 0.4.3 xine gxine 0.4.4 Reproducible: Always Steps to Reproduce:
media-video, pls verify/advise
Upstream is aware of it : http://sourceforge.net/mailarchive/forum.php?thread_id=7337157&forum_id=7131
Also 0.3.3 is vulnerable. I've added new versions (0.3.3-r2, 0.4.1-r1 and 0.4.4) with a patch which should fix the problem. I also sent the patch to upstream author.
sparc, x86, take your preferred fix version and stabilize it.
CAN number asked to MITRE
CVE id assigned.
*** Bug 93939 has been marked as a duplicate of this bug. ***
0.4.1-r1 stable on SPARC
GLSA is ready, x86 testers / Diego: please test and mark stable on x86 (if stable)
0.4.1-r1 stable on x86
GLSA 200505-19