-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 20 May 2008 23:48:53 -0700
Source: xine-lib
Binary: libxine1-dbg libxine-dev libxine1
Architecture: source amd64
Version: 1.1.2+dfsg-7
Distribution: stable-security
Urgency: low
Maintainer: Siggi Langauf <siggi@debian.org>
Changed-By: Devin Carraway <devin@debian.org>
Description:
 libxine-dev - the xine video player library, development packages
 libxine1 - the xine video/media player library, binary files
 libxine1-dbg - the xine video/media player library, debug data
Closes: 472639
Changes:
 xine-lib (1.1.2+dfsg-7) stable-security; urgency=low
 .
   * Non-maintainer upload by the security team
   * Patches from maintainer:
     - CVE-2008-1482: Fix various integer overflows in Qt, Real, WC3Movie,
       Matroska and FILM demuxers, allowing remote attackers to trigger
       heap overflows and possibly execute arbitrary code; fix other
       possible NULL pointer dereferences caused by missing alloc checks.
       (Closes: #472639)
       The FLV (Flash) demuxer in this version is not patched since the
       affected code was added in 1.1.4.
     - CVE-2008-1686: Unchecked array index may allow remote attackers to
       execute arbitrary code via a header structure containing a negative
       offset, which is used to dereference a function pointer.
     - CVE-2008-1878: Buffer overflow in the NSF demuxer which may allow
       remote attackers to cause a denial of service (crash) or possibly
       execute arbitrary code via an NSF file with a long title or
       copyright message.
     - Backport more calloc usage from the 1.2 branch for extra safety
       against possible integer overflows such as found in CVE-2008-1482.
Files:
 b0949db5082a590b1afa4f477005f79f 1585 libs optional xine-lib_1.1.2+dfsg-7.dsc
 9ef42da73934e6a981151549e97fd396 32397 libs optional xine-lib_1.1.2+dfsg-7.diff.gz
 f8305c6e72d9fd2a25cb7b144e0d696d 117506 libdevel optional libxine-dev_1.1.2+dfsg-7_amd64.deb
 b94199ba7a4a578db7eb0eefa42b725c 3050404 libs optional libxine1_1.1.2+dfsg-7_amd64.deb
 635669edb747900be1b17a17dba1f564 3660324 libs extra libxine1-dbg_1.1.2+dfsg-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIM8m9U5XKDemr/NIRAvqcAJ9SxvnTMR6dJGLsRYnrZB7e9ixfpgCdEwdR
CkRJdq5YgaQygybbDGDLDtQ=
=dGd9
-----END PGP SIGNATURE-----

Accepted:
libxine-dev_1.1.2+dfsg-7_amd64.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_amd64.deb
libxine1-dbg_1.1.2+dfsg-7_amd64.deb
  to pool/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_amd64.deb
libxine1_1.1.2+dfsg-7_amd64.deb
  to pool/main/x/xine-lib/libxine1_1.1.2+dfsg-7_amd64.deb
xine-lib_1.1.2+dfsg-7.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.diff.gz
xine-lib_1.1.2+dfsg-7.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.dsc