Package: xine-lib
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xine-lib.

CVE-2008-5246[0]:
| Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow
| remote attackers to execute arbitrary code via vectors that send ID3
| data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame
| functions in src/demuxers/id3.c. NOTE: the provenance of this
| information is unknown; the details are obtained solely from third
| party information.

Your upstream fix:
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d7;style=gitweb

Btw a rather strange way to fix an integer overflow + a strange comment.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5246
    http://security-tracker.debian.net/tracker/CVE-2008-5246

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.