-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 07 Jan 2007 19:32:05 +0000 Source: gxine Binary: gxineplugin gxine Architecture: source i386 Version: 0.5.8-2 Distribution: unstable Urgency: high Maintainer: Siggi Langauf <siggi@debian.org> Changed-By: Darren Salt <linux@youmustbejoking.demon.co.uk> Description: gxine - the xine video player, GTK+/Gnome user interface gxineplugin - the xine video player, GTK+/Gnome; launcher plugin for Mozilla Closes: 405876 Changes: gxine (0.5.8-2) unstable; urgency=high . * SECURITY FIX (local exploit) (closes: #405876) This version fixes a potential buffer overflow in gxine's server component and in gxine_client. This overflow would occur were $HOME sufficiently long - 94 bytes or more would cause socket creation or connection failure, and 242 bytes or more would cause a segfault or possible arbitrary code execution. * Enabled the watchdog code (which will kill gxine if it gets stuck for 30 seconds). Files: a70e2c33df871c4dad74c9598bd0d07f 806 graphics optional gxine_0.5.8-2.dsc 849c0a07f5f167b18e2026329df2aa33 7740 graphics optional gxine_0.5.8-2.diff.gz b4f1e6d72e41e5b02cff04b6f65e436c 459784 graphics optional gxine_0.5.8-2_i386.deb 551717a3ae8dd0dc2d8d642679875b76 7074 graphics optional gxineplugin_0.5.8-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Debian Powered! iD8DBQFFoW1qmAg1RJRTSKQRAuKkAJ4ynmOCWJ/O4kLmr03Gf+Lsr2vTYwCfQCfR WnthRzCkQsZfGXUnYu9/cwI= =m0wX -----END PGP SIGNATURE----- Accepted: gxine_0.5.8-2.diff.gz to pool/main/g/gxine/gxine_0.5.8-2.diff.gz gxine_0.5.8-2.dsc to pool/main/g/gxine/gxine_0.5.8-2.dsc gxine_0.5.8-2_i386.deb to pool/main/g/gxine/gxine_0.5.8-2_i386.deb gxineplugin_0.5.8-2_i386.deb to pool/main/g/gxine/gxineplugin_0.5.8-2_i386.deb
