-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 13 Mar 2008 14:19:59 +0000 Source: xine-lib Binary: libxine1-dbg libxine-dev libxine1 Architecture: source amd64 Version: 1.1.2+dfsg-6 Distribution: stable-security Urgency: low Maintainer: Siggi Langauf <siggi@debian.org> Changed-By: Darren Salt <linux@youmustbejoking.demon.co.uk> Description: libxine-dev - the xine video player library, development packages libxine1 - the xine video/media player library, binary files libxine1-dbg - the xine video/media player library, debug data Closes: 464696 Changes: xine-lib (1.1.2+dfsg-6) stable-security; urgency=low . * Security bug fixes: - CVE-2008-0486: Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. (Closes: #464696) - CVE-2008-1161: Buffer overflow which may allow remote attackers to crash the program and/or execute arbitrary code via a crafted Matroska file. - CVE-2008-0073: Array indexing vulnerability in Real SDP parsing. - Not applicable: + CVE-2008-1110: significantly different code. * Backport an SDP parser check for stream identifier before stream count. * Belatedly add myself to Uploaders. Files: 318b9a5c7e265ceecd379c1bf78cc59d 1877 libs optional xine-lib_1.1.2+dfsg-6.dsc 41569cc160815132939b2700db086b97 23720 libs optional xine-lib_1.1.2+dfsg-6.diff.gz ba9ab3b1f580ee330b4648a6e19189bc 117242 libdevel optional libxine-dev_1.1.2+dfsg-6_amd64.deb 7f2b4fc1c76ff16a0b2ec9c568c56dd0 3048320 libs optional libxine1_1.1.2+dfsg-6_amd64.deb c4d7e60c377627b0ab13e9d6a3a104c7 3659052 libs extra libxine1-dbg_1.1.2+dfsg-6_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR+TRGb97/wQC1SS+AQL1Jgf/fwF6TMDZ4g+SUZI0ZfcIAcW6PWj6wNOZ I5EOAYmQqlLAK8MeggDJPfvisqiHeUogaQ833Drt6m3Wfd1uhgTfej/xlyfrMhjA 7t9w2uLzwvFcJWcbDKxuW+nQirg7vtj8kHw0pGro9/HDZyqrFb3O31ZTNopee6k7 dk7FMEVqB4Dx3YzvQ6TDVzm4KLU3+3auaJQMVf5YAZ14uQw6kAAYRzZE7gCYvjrZ RQfo0cr25N77wBJb4yk994CLTrmWnCvWpA/qreyfMEbugb8u+ECFIFYjYT7nCEDZ 3btklyrHCfFv9OJRCMWBDDT4CmUBcVKJgejks469DVXwZ9A3xwj1Yw== =j89o -----END PGP SIGNATURE----- Accepted: libxine-dev_1.1.2+dfsg-6_amd64.deb to pool/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_amd64.deb libxine1-dbg_1.1.2+dfsg-6_amd64.deb to pool/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_amd64.deb libxine1_1.1.2+dfsg-6_amd64.deb to pool/main/x/xine-lib/libxine1_1.1.2+dfsg-6_amd64.deb xine-lib_1.1.2+dfsg-6.diff.gz to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.diff.gz xine-lib_1.1.2+dfsg-6.dsc to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.dsc