Fedora Legacy Test Update Notification: xine

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Mar 16 01:30:52 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152873
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152873
2006-03-15
---------------------------------------------------------------------

Name        : xine
Versions    : rh73: xine-0.9.8-4.2.legacy
Summary     : A free video player.
Description :
xine is a free GPL-licensed video player for Unix-like systems.

---------------------------------------------------------------------
Update Information:

An updated xine package that fixes security bugs is now available.

xine is a free GPL-licensed video player for Unix-like systems.

A vulnerability has been reported in the way xine handles a bug report
email. A local user could create a specially crafted symlink which could
result in xine overwriting a file which it has write access to. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2004-0372 to this issue.

A heap overflow has been found in the DVD subpicture decoder of
xine-lib. This can be used for a remote heap overflow exploit, which
can, on some systems, lead to or help in executing malicious code with
the permissions of the user running a xine-lib based media application.

All users of xine should upgrade to this updated package, which includes
backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Mar 01 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1:0.9.8-4.2.legacy
- Added missing arts-devel, audiofile-devel, esound-devel, libogg-devel,
  and libvorbis-devel to BuildRequires

* Wed Jan 12 2005 Pekka Savola <pekkas at netcore.fi> 1:0.9.8-4.1.legacy
- fix CAN-2004-0372 and XSA-2004-5 (#2348)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
297e2b6fb5bb2dad8629944e03dc8d7635f5c225
redhat/7.3/updates-testing/i386/xine-0.9.8-4.2.legacy.i386.rpm
465a4ea2a12017a0cee76883e9263ece27c31a6d
redhat/7.3/updates-testing/i386/xine-devel-0.9.8-4.2.legacy.i386.rpm
7336c58504919c05a6ccd5caac1c4a41bb7b7c12
redhat/7.3/updates-testing/SRPMS/xine-0.9.8-4.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
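
Added example, not part of the advisory and not xine's code: the advisory does not show the affected code, so this sketch assumes a program that writes a report file at a predictable path where another local user can pre-create a symlink. All function and file names are hypothetical; it contrasts an open() that follows the symlink with one that refuses it.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Shared writer: create/open `path` with extra open(2) flags, write msg. */
static int write_with(const char *path, const char *msg, int flags) {
    int fd = open(path, O_WRONLY | O_CREAT | flags, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Vulnerable pattern: follows a symlink at `path` and truncates its target. */
int write_report_unsafe(const char *path, const char *msg) {
    return write_with(path, msg, O_TRUNC);
}

/* Hardened: O_CREAT|O_EXCL fails (EEXIST) if anything, even a symlink, exists. */
int write_report_safe(const char *path, const char *msg) {
    return write_with(path, msg, O_EXCL);
}

/* Constructed scenario in a private temp dir: the report path is a symlink to
 * a "victim" file. Returns 1 if the victim survives, 0 if clobbered, -1 on error. */
int victim_survives(int use_safe) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", victim[64], report[64];
    const char *data = "important data\n";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(report, sizeof report, "%s/bugreport.txt", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs(data, f); fclose(f);
    if (symlink(victim, report) != 0) return -1;
    (use_safe ? write_report_safe : write_report_unsafe)(report, "report body\n");
    int ok = stat(victim, &st) == 0 && (size_t)st.st_size == strlen(data);
    unlink(report); unlink(victim); rmdir(dir);
    return ok;
}

int main(void) {
    printf("victim intact: unsafe=%d safe=%d\n", victim_survives(0), victim_survives(1));
    return 0;
}
```

Where the report must live in a shared directory, mkstemp() gives the same exclusive-create guarantee with an unpredictable name.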