[SECURITY] Fedora 7 Update: xine-lib-1.1.11.1-1.fc7

updates at fedoraproject.org updates at fedoraproject.org
Wed Apr 9 05:18:08 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-2945
2008-04-08 23:42:20
--------------------------------------------------------------------------------

Name        : xine-lib
Product     : Fedora 7
Version     : 1.1.11.1
Release     : 1.fc7
URL         : http://xinehq.de/
Summary     : Xine library
Description :
This package contains the Xine library. Xine is a free multimedia player.
It can play back various media. It also decodes multimedia files from local
disk drives, and displays multimedia streamed over the Internet. It
interprets many of the most common multimedia formats available - and some
of the most uncommon formats, too.  --with/--without rpmbuild options
(some default values depend on target distribution): aalib, caca, directfb,
imagemagick, freetype, antialiasing (with freetype), pulseaudio, xcb.

--------------------------------------------------------------------------------
Update Information:

This updates xine-lib to 1.1.11.1, which fixes the following security
vulnerabilities: CVE-2008-0073 array indexing (fixed in 1.1.11), CVE-2008-1482
integer overflow (fixed in 1.1.11.1). It also provides a versioned xine-lib
(plugin-abi) so 3rd party packages installing plugins can use it instead of
requiring a version of xine-lib.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #438663 - CVE-2008-1482 xine-lib Integer overflow flaws
        https://bugzilla.redhat.com/show_bug.cgi?id=438663
  [ 2 ] Bug #438182 - CVE-2008-0073 xine-lib: sdpplin_parse() Array Indexing Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=438182
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update xine-lib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the Fedora-package-announce mailing list