Debian Package Tracker

From: Darren Salt <linux@youmustbejoking.demon.co.uk>
To: <debian-changes@lists.debian.org>
Subject: Accepted xine-lib 1.0.1-1sarge7 (source i386)
Date: Wed, 02 Apr 2008 19:52:22 +0000
Signed by: Florian Weimer <fw@deneb.enyo.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 13 Mar 2008 14:20:06 +0000
Source: xine-lib
Binary: libxine-dev libxine1
Architecture: source i386
Version: 1.0.1-1sarge7
Distribution: oldstable-security
Urgency: high
Maintainer: Siggi Langauf <siggi@debian.org>
Changed-By: Darren Salt <linux@youmustbejoking.demon.co.uk>
Description: 
 libxine-dev - the xine video player library, development packages
 libxine1   - the xine video/media player library, binary files
Changes: 
 xine-lib (1.0.1-1sarge7) oldstable-security; urgency=high
 .
   * Security bug fixes:
     - CVE-2007-1246, CVE-2007-1387: DirectShow video decoder opening
       functions (used with some Win32 codecs), fail to set biSize before use
       in a memcpy, which allows user-assisted remote attackers to cause a
       buffer overflow and possibly execute arbitrary code.
     - CVE-2008-1161: Buffer overflow which may allow remote attackers to
       crash the program and/or execute arbitrary code via a crafted Matroska
       file.
     - CVE-2008-0073: Array indexing vulnerability in Real SDP parsing.
     - Not applicable:
       + CVE-2008-0486: affected code is not present.
       + CVE-2008-1110: significantly different code.
   * Backport an SDP parser check for stream identifier before stream count.
   * Add myself to Uploaders, mainly to keep lintian quiet.
Files: 
 e3390f1650e0a1744f1cf81ce2ac30b9 1400 libs optional xine-lib_1.0.1-1sarge7.dsc
 f025acfa0e41de184799393ea9a54e0a 7327 libs optional xine-lib_1.0.1-1sarge7.diff.gz
 36c35bdbcdafb36c96052c67915d3e83 107842 libdevel optional libxine-dev_1.0.1-1sarge7_i386.deb
 2f670ca7711c7621e92ce6ff47f89128 4206034 libs optional libxine1_1.0.1-1sarge7_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR+TRGb97/wQC1SS+AQLjtwf/bYg7UA9WcYzAltcLSlA9+YPxcfOBJkrM
5K2l5usBi0dE6eOeN4nsryAnEilxH23HAILy32y+6q6bbxMAmVdc/+FW2LCNcm2L
hHlsKwBWiSKHaSUI3A2Q8Nx1n549uQywA3gS8hCzRwN1jaCV8DZaRhXKaLOXUOrj
qoW/XsV6CASR2pGGTjaBLVIUubZhT9lWn0eaNqKbfzaO9cqHTneZP38ArRgXe483
81A9E7sfdXLEmNUZ13KehRc2gZ/7gyTzvqZKdT9m/yR7yW25HAf9gHPcAQHwbo46
3PtffTXxRq4TQ5WMKOMUBdlC7iB9plqWEXDWIQjQgXs2rYwA7W0h4g==
=a6p4
-----END PGP SIGNATURE-----


Accepted:
libxine-dev_1.0.1-1sarge7_i386.deb
  to pool/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_i386.deb
libxine1_1.0.1-1sarge7_i386.deb
  to pool/main/x/xine-lib/libxine1_1.0.1-1sarge7_i386.deb
xine-lib_1.0.1-1sarge7.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.0.1-1sarge7.diff.gz
xine-lib_1.0.1-1sarge7.dsc
  to pool/main/x/xine-lib/xine-lib_1.0.1-1sarge7.dsc

News for package xine-lib