Brad wrote:
On Sat, Jan 10, 2009 at 06:26:52PM -0500, Brad wrote:
On Thu, Jan 08, 2009 at 02:21:37AM -0500, Brad wrote:
Here is an update to Xine-lib 1.1.16. A bunch of security fixes
and a lot of bug fixes.

* Security fixes:
  - Heap overflow in Quicktime atom parsing.  (CVE-2008-5234 vector 1)
  - Multiple buffer overflows.                (CVE-2008-5236)
  - Multiple integer overflows.               (CVE-2008-5237)
  - Unchecked read function results.          (CVE-2008-5239)
  - Unchecked malloc using untrusted values.  (CVE-2008-5240 vectors 3 & 4)
  - Buffer indexing using an untrusted value. (CVE-2008-5243)

Please test.
If you had problems building the previous revision of this diff please
try this revision as it should resolve those issues.

A quick 1.1.16.1 release has been made which consists of mainly
bug fixes, build fixes and a regression fix or two for 1.1.16.
Please test.

Works for me on amd64 but not so much on i386.
There xine can't play ogg audio any more, though the xineplug_dmx_ogg.so
is there. With mp4 it's only able to play video, no sound. It complains about missing demuxer plugins in both cases.
I'm pretty sure it worked with the 1.1.16 patch on i386, too.
Other stuff like mp3 is still ok.
