lp:ubuntu/hardy-updates/xine-lib
- Get this branch:
- bzr branch lp:ubuntu/hardy-updates/xine-lib
Recent revisions
- 48. By Marc Deslauriers
  * SECURITY UPDATE: Integer overflow in the 4xm demuxer
    - src/demuxers/demux_4xm.c: Fix additional integer overflow, as
      previous fix was incomplete.
    - http://hg.debian.org/hg/xine-lib/xine-lib/rev/7799748cc0f2
    - CVE-2009-0698
  * SECURITY UPDATE: Integer overflow in the QT demuxer via large count
    value in an STTS atom
    - src/demuxers/demux_qt.c: validate atom size
    - http://hg.debian.org/hg/xine-lib/xine-lib/rev/d21a4564db03
    - CVE-2009-1274
- 47. By Marc Deslauriers
  * REGRESSION: Broken size checks in CVE-2008-5239 input plugins patch
    (LP: #322834)
    - src/input/input_*.c: fix the size checks broken by the previous
      security update.
    - http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b11cc37934629a2965859163db6095fbbe2b44be;style=gitweb
    - CVE-2008-5239
  * SECURITY UPDATE: Integer overflow in the 4xm demuxer
    - src/demuxers/demux_4xm.c: Make sure we don't overflow
      fourxm->track_count.
    - http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=ba872682eba8a10217c48b7fe21f0fa763ef4af3;style=gitweb
    - CVE-2009-0698
- 46. By Marc Deslauriers
  * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
    - src/demuxers/demux_matroska.c: avoid segfault on invalid track type in
      Matroska files.
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7b472fa486db;style=gitweb
    - src/combined/ffmpeg/ff_video_decoder.c: fix heap buffer overflow in the
      ffmpeg video decoder.
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=ffb2e82d7bb77e87492734f72c2e5d21fb9ad2c0;style=gitweb
    - misc/cdda_server.c: fix integer overflow in the CDDA server.
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=30eb014e9b320035de309ee442ebbff6d405987b;style=gitweb
    - src/demuxers/demux_{ogg,avi,asf}.c: fix crashes with fuzzed media files.
      (CVE-2008-3231)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=967a8e515380c0c9b9858125a054082145002d00;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=67bfec7af3472674ba7396bd468b7607339fe102;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=4519eeeda3b3a20489b3699693d801c3696221da;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18059453374c49ebfc9660dcc34acc28afa57d17;style=gitweb
    - src/demuxers/demux_{mng,mod}.c: add some checks for memory allocation
      failures. (CVE-2008-5233)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=35f09930323e46c92e521846b9ccdfd5e277ad16;style=gitweb
    - src/demuxers/demux_qt.c: fix heap overflow in Quicktime atom parsing.
      (CVE-2008-5234, CVE-2008-5242)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=6e81eec36701;style=gitweb
    - src/demuxers/demux_matroska.c: fix buffer overflows in Matroska demuxer.
      (CVE-2008-5236)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=e38bb4b22431123997a16a186fe8beb4edcfef87;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=8e125da9ecbe;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=b01a02595343;style=gitweb
    - src/demuxers/demux_{mng,qt}.c: fix integer overflows in MNG and QT
      demuxers. (CVE-2008-5237)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=9c97a9a9ba17a487116a198d80a74ec7879aa801;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=65f524e14623;style=gitweb
    - src/demuxers/{demux_matroska.c,demux_mod.c,id3.h}: use size_t for data
      length variables where there may be int overflows. (CVE-2008-5238)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a0830dddbd35625069506a9c49321317cbab8a2d;style=gitweb
    - src/{input,demuxers}/*.c: fix out-of-bounds reads and heap-based buffer
      overflows from unchecked or incompletely-checked read function results.
      (CVE-2008-5239)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=7fb21abb15e5a7311a2c157721ddfab0a47090ab;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=5df277a7eec3;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=f775929597b1c10142e51674ee02e041b1b87df4;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=e6efc6d566961ab231686c1ee18044f2d45a2b4a;style=gitweb
    - src/demuxers/demux_real.c: fix unchecked malloc using untrusted values.
      (CVE-2008-5240)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=01753933e6647ed29226f18e4489ce034b569d65;style=gitweb
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=071dc93156e6940a7f1b8bb38762d521dd5731e8;style=gitweb
    - src/demuxers/demux_qt.c: fix integer underflow in qt compressed atom
      handling. (CVE-2008-5241)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a57d5ef86b65bcc195a5358125fdb34e10a37bb4;style=gitweb
    - src/demuxers/demux_real.c: fix buffer indexing using untrusted or
      unchecked values. (CVE-2008-5243)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=4982c9920f42657d0797145bf197127f18d8972c;style=gitweb
    - src/libfaad/*: updated to libfaad 2.6.1 to fix crashes with corrupted
      AAC files. (CVE-2008-5244)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b951b8e5672f1a66d1bcecdfeb6ea8;style=gitweb
    - src/demuxers/id3.c: fix an exploitable ID3 heap buffer overflow.
      (CVE-2008-5246)
      * http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d766d92b7e7bb11de7b38482ebe8e9;style=gitweb
    - src/xine-engine/info_helper.c: fix crashes with MP3 files with metadata
      consisting only of separators. (CVE-2008-5248)
      * http://hg.debian.org/hg/xine-lib/xine-lib/?cmd=changeset;node=60ab5d2bdd82f00b10205f816a545337c9363134;style=gitweb
- 45. By Jamie Strandboge
  * SECURITY UPDATE: array index vulnerability
  * fix for src/libxineadec/xine_speex_decoder.c to properly validate its
    input
  * SECURITY UPDATE: buffer overflow in the NSF demuxer
  * fix for src/demuxers/demux_nsf.c to use strndup() instead of strdup()
  * References
    CVE-2008-1686
    CVE-2008-1878
- 44. By Reinhard Tartler
  [ Darren Salt ]
  * Fixes from upstream hg:
    - Matroska demuxer regression. (Closes: #474316)
    - PulseAudio plugin backported & re-enabled.
      This takes precedence over ALSA, but falls back cleanly.
  [ Reinhard Tartler ]
  * Cherrypick the above changes to the ubuntu package (LP: #176332, #131914)
- 43. By Reinhard Tartler
  [ Darren Salt ]
  * Fixes from upstream hg:
    - Quicktime demuxer regression. (Closes: #473499, #473631)
    - Wavpack MIME type information.
  [ Reinhard Tartler ]
    - merge changes from debian packaging hg to fetch fix for
      LP: #210510
- 42. By Reinhard Tartler
  * New upstream Version, merge from debian/unstable.
    - Freeze exception Granted in LP: #204557
    - Included Security fixes: LP: #195700
  * Remaining Changes:
    - add Replaces: libxine-main1 (<< 1.1.2+repacked1-0ubuntu1)
      in libxine1-bin to make dapper->hardy upgrades work (LP #203605)
    - Modify Maintainer value to match the DebianMaintainerField
      specification.
- 41. By Michael Vogt
  * debian/control:
    - add Replaces: libxine-main1 (<< 1.1.2+repacked1-0ubuntu1)
      in libxine1-bin to make dapper->hardy upgrades work (LP: #203605)
  * Modify Maintainer value to match the DebianMaintainerField
    specification.
- 40. By Darren Salt
  [Darren Salt]
  * libxine-dev: backport an m4 version-parsing fix from hg.
  * Fixed an off-by-one (introduced in the security fix) which breaks
    playback of some FLAC files. (Closes: #466746)
  * Versioned build-dep on libmagick9-dev (for libmagick10). (Closes: #466681)
    Add libmagick-dev as an alternative, with the same version requirement.
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:ubuntu/karmic/xine-lib