Fedora Legacy Test Update Notification: xine
Marc Deslauriers
marcdeslauriers at videotron.ca
Thu Mar 16 01:30:52 UTC 2006
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152873
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152873
2006-03-15
---------------------------------------------------------------------
Name : xine
Versions : rh73: xine-0.9.8-4.2.legacy
Summary : A free video player.
Description :
xine is a free gpl-licensed video player for unix-like systems.
---------------------------------------------------------------------
Update Information:
An updated xine package that fixes security bugs is now available.
xine is a free gpl-licensed video player for unix-like systems.
A vulnerability has been reported in the way xine handles a bug report
email. A local user could create a specially crafted symlink which could
result in xine overwriting a file which it has write access to. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2004-0372 to this issue.
A heap overflow has been found in the DVD subpicture decoder of
xine-lib. This can be used for a remote heap overflow exploit, which
can, on some systems, lead to or help in executing malicious code with
the permissions of the user running a xine-lib based media application.
All users of xine should upgrade to this updated package, which includes
backported patches to correct these issues.
---------------------------------------------------------------------
Changelogs
rh73:
* Wed Mar 01 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:0.9.8-4.2.legacy
- Added missing arts-devel, audiofile-devel, esound-devel, libogg-devel,
and libvorbis-devel to BuildRequires
* Wed Jan 12 2005 Pekka Savola <pekkas at netcore.fi> 1:0.9.8-4.1.legacy
- fix CAN-2004-0372 and XSA-2004-5 (#2348)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh73:
297e2b6fb5bb2dad8629944e03dc8d7635f5c225
redhat/7.3/updates-testing/i386/xine-0.9.8-4.2.legacy.i386.rpm
465a4ea2a12017a0cee76883e9263ece27c31a6d
redhat/7.3/updates-testing/i386/xine-devel-0.9.8-4.2.legacy.i386.rpm
7336c58504919c05a6ccd5caac1c4a41bb7b7c12
redhat/7.3/updates-testing/SRPMS/xine-0.9.8-4.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060315/6ec96a6a/attachment.sig>
More information about the fedora-legacy-list
mailing list