Google
  Web www.spinics.net

Fedora Legacy Test Update Notification: xine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152873
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152873
2006-03-15
---------------------------------------------------------------------

Name        : xine
Versions    : rh73: xine-0.9.8-4.2.legacy
Summary     : A free video player.
Description :
xine is a free gpl-licensed video player for unix-like systems.

---------------------------------------------------------------------
Update Information:

An updated xine package that fixes security bugs is now available.

xine is a free gpl-licensed video player for unix-like systems.

A vulnerability has been reported in the way xine handles a bug report
email. A local user could create a specially crafted symlink which could
result in xine overwriting a file which it has write access to. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2004-0372 to this issue.

A heap overflow has been found in the DVD subpicture decoder of
xine-lib. This can be used for a remote heap overflow exploit, which
can, on some systems, lead to or help in executing malicious code with
the permissions of the user running a xine-lib based media application.

All users of xine should upgrade to this updated package, which includes
backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Mar 01 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1:0.9.8-4.2.legacy
- Added missing arts-devel, audiofile-devel, esound-devel, libogg-devel,
  and libvorbis-devel to BuildRequires

* Wed Jan 12 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:0.9.8-4.1.legacy
- fix CAN-2004-0372 and XSA-2004-5 (#2348)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
297e2b6fb5bb2dad8629944e03dc8d7635f5c225
redhat/7.3/updates-testing/i386/xine-0.9.8-4.2.legacy.i386.rpm
465a4ea2a12017a0cee76883e9263ece27c31a6d
redhat/7.3/updates-testing/i386/xine-devel-0.9.8-4.2.legacy.i386.rpm
7336c58504919c05a6ccd5caac1c4a41bb7b7c12
redhat/7.3/updates-testing/SRPMS/xine-0.9.8-4.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Free Internet Dating]     [Yosemite Questions]

Powered by Linux