Fedora 10: 2009-0483 Moderate: xine-lib Security Threat Resolved

This package contains the Xine library. Xine is a free multimedia player.

It can play back various media. It also decodes multimedia files from local

disk drives, and displays multimedia streamed over the Internet. It

interprets many of the most common multimedia formats available - and some

of the most uncommon formats, too. --with/--without rpmbuild options

(some default values depend on target distribution): aalib, caca, directfb,

imagemagick, freetype, antialiasing (with freetype), pulseaudio, xcb.

This updates xine-lib to the upstream 1.1.16 release. This fixes several bugs,

including the security issues CVE-2008-5234 vector 1, CVE-2008-5236,

CVE-2008-5237, CVE-2008-5239, CVE-2008-5240 vectors 3 & 4 and CVE-2008-5243. See

;group_id=9655 for

the full list of changes. In addition, the Fedora xine-lib package now

includes the demuxers for the MPEG container format, which are not patent-encumbered. (The decoders for actual MPEG video and audio data are still

excluded due to software patents.)

* Wed Jan 7 2009 Rex Dieter - 1.1.16-1

- xine-lib-1.1.16, plugin ABI 1.25

- --with-external-libdvdnav, include mpeg demuxers (#213597)

* Fri Dec 12 2008 Rex Dieter - 1.1.15-4

- rebuild for pkgconfig deps

[ 1 ] Bug #213597 - xine-lib: include MPEG demuxers

https://bugzilla.redhat.com/show_bug.cgi?id=213597

su -c 'yum update xine-lib' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/