[ Please stop top-posting. It is very difficult for other people to follow the discussion if they have to scroll past your answers to find the questions and the context. ]
On Wed, Jan 23, 2008 at 23:32:19 +0530, Amogh Hooshdar wrote: > This is the output of list plugins. > > $ xine --list-plugins=demux > This is xine (X11 gui) - a free video player v0.99.6cvs. > (c) 2000-2007 The xine Team. > > Available xine's plugins: > -Demuxer: > anx, image, iff, yuv4mpeg2, mpeg_pes, mpeg_block, wve, idcin, ipmovie, > vqa, wc3movie, roq, str, film, smjpeg, fourxm, vmd, matroska, flashvideo, > nsv, ogg, avi, fli, pva, quicktime, aud, aiff, flac, nsf, realaudio, snd, > tta, voc, vox, mod, mng, real, asf, mpeg-ts, slave, mpeg, rawdv, sputext, > elem, yuv_frames, wavpack. Seems like it really does not know how to demux mp3s anymore. (Version 1.1.9-1 in Sid lists "mp3"explicitly when I run the same command.) > Also, an upgrade was involved regarding libxine. Here are the lines:- > > [UPGRADE] libxine1 1.1.8-3 -> 1.1.8-3+lenny1 > [UPGRADE] libxine1-console 1.1.8-3 -> 1.1.8-3+lenny1 > [UPGRADE] libxine1-doc 1.1.8-3 -> 1.1.8-3+lenny1 > [UPGRADE] libxine1-ffmpeg 1.1.8-3 -> 1.1.8-3+lenny1 > [UPGRADE] libxine1-gnome 1.1.8-3 -> 1.1.8-3+lenny1 > [UPGRADE] libxine1-misc-plugins 1.1.8-3 -> 1.1.8-3+lenny1 > [UPGRADE] libxine1-plugins 1.1.8-3 -> 1.1.8-3+lenny1 > [UPGRADE] libxine1-x 1.1.8-3 -> 1.1.8-3+lenny1 That is a security-related upgrade; see bug #460551. > Nothing about libmad0 in the log file. I checked again and it turns out that I probably was wrong earlier: It seems that mp3s in Lenny are handled directly by xineplug_dmx_audio.so from package libxine1-misc-plugins. > So, what should I do now to fix this issue? Why do I have to > downgrade? Wouldn't this problem be fixed in Lenny at all? Please > suggest the best possible path from here. It is maybe not advisable to downgrade to the vulnerable versions of the libxine1-* packages. (When I wrote my previous mail I had not realized yet that this is a security upgrade.) Unfortunately I do not know if disabling mp3s was an integral part of fixing the security hole or just a mistake that could have been avoided. The upgraded package was not produced by the regular libxine1 maintainer. If you don't care about the security implications then you can either downgrade to the old version or upgrade to 1.1.9-1 from unstable, which seems to be equally vulnerable to the exploit. If you want to be safe then you probably have to wait for version 1.1.9-2 to become available in unstable and trickle down to testing. -- Regards, | http://users.icfo.es/Florian.Kulzer Florian | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
