This bug was fixed in the package xine-lib - 1.1.11.1-1ubuntu1 --------------- xine-lib (1.1.11.1-1ubuntu1) hardy; urgency=low
* New upstream Version, merge from debian/unstable. - Freeze exception Granted in LP: #204557 - Inclused Security fixes: LP: #195700 * Remaining Changes: - add Replaces: libxine-main1 (<< 1.1.2+repacked1-0ubuntu1) in libxine1-bin to make dapper->hardy upgrades work (LP #203605) - Modify Maintainer value to match the DebianMaintainerField specification. xine-lib (1.1.11.1-1) unstable; urgency=high * New upstream release. - CVE-2008-1482: integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM demuxers, allowing remote attackers to trigger heap overflows and possibly execute arbitrary code. (Closes: #472639) xine-lib (1.1.11-1) unstable; urgency=high * New upstream release. - CVE-2008-0073: Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted SDP parameter in an RTSP stream. - DVD reader code no longer uses UDF-provided file sizes as authoritative. (Closes: #463177) [Darren Salt] * Remove the versioning from the libmagick9-dev build-dep. * Disable the pulseaudio plugin (don't build, don't install) and remove the build-dep on libpulse-dev for now due to instability: xine-lib has been observed closing the stream due to audio problems. (Closes: #471676) [ Reinhard Tartler ] * add support for 'parallel' keyword in DEB_BUILD_OPTIONS -- Reinhard Tartler <[EMAIL PROTECTED]> Tue, 01 Apr 2008 09:33:39 +0200 ** Changed in: xine-lib (Ubuntu) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0073 -- Freeze exception for xine-lib 1.1.11 https://bugs.launchpad.net/bugs/204557 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs