Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 10: 2009-3433 Critical Advisory for xine-lib Integer Overflow

fedora
Calendar Grey April 9, 2009
Dist Fedora Esm H88
An update for xine-lib in Fedora 10 has been rolled out to tackle security vulnerabilities and implement various bug resolutions.
Maintenance release

Summary

This package contains the Xine library. It can be used to play back

various media, decode multimedia files from local disk drives, and display

multimedia streamed over the Internet. It interprets many of the most

common multimedia formats available - and some uncommon formats, too.

Maintenance release. Fixes two security problems (CVE-2009-0385, CVE-2009-1274)

and a few miscellaneous bugs. See the upstream changelog for details:

https://sourceforge.net/projects/xine/;release_id=673233

* Fri Apr 3 2009 Rex Dieter - 1.1.16.3-1

- xine-lib-1.1.16.3, plugin-abi 1.26

* Thu Mar 26 2009 Rex Dieter - 1.1.16.2-6

- add-mime-for-mod.patch

* Tue Mar 10 2009 Kevin Kofler - 1.1.16.2-5

- rebuild for new ImageMagick

* Thu Feb 26 2009 Fedora Release Engineering - 1.1.16.2-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Fri Feb 20 2009 Rex Dieter - 1.1.16.2-3

- xine-lib-devel muiltilib conflict (#477226)

* Tue Feb 17 2009 Rex Dieter - 1.1.16.2-2

- xine-lib-safe-audio-pause3 patch (#486255, kdebug#180339)

* Tue Feb 10 2009 Kevin Kofler - 1.1.16.2-1.1

- also patch the caca version check in configure(.ac)

* Tue Feb 10 2009 Rex Dieter - 1.1.16.2-1

- xine-lib-1.1.16.2

* Mon Feb 9 2009 Rex Dieter - 1.1.16.1-4

- gapless-race-fix patch (kdebug#180339)

* Sat Feb 7 2009 Rex Dieter - 1.1.16.1-3

- safe-audio-pause patch (kdebug#180339)

* Mon Jan 26 2009 Rex Dieter - 1.1.16.1-2

- Provides: xine-lib(plugin-abi)%{?_isa} = %{plugin_abi}

- touchup Summary/Description

* Fri Jan 23 2009 Rex Dieter - 1.1.16.1-1

- xine-lib-1.1.16.1

- include avsync patch (#470568)

* Sun Jan 18 2009 Rex Dieter - 1.1.16-2

- drop deepbind patch (#480504)

- caca support (EPEL)

* Wed Jan 7 2009 Kevin Kofler - 1.1.16-1.1

- patch for old libcaca in F9-* Wed Jan 7 2009 Rex Dieter - 1.1.16-1

- xine-lib-1.1.16, plugin ABI 1.25

- --with-external-libdvdnav, include mpeg demuxers (#213597)

* Fri Dec 12 2008 Rex Dieter - 1.1.15-4

- rebuild for pkgconfig deps

[ 1 ] Bug #495031 - CVE-2009-1274 xine-lib: Quicktime STTS Atom Integer Overflow (TKADV2009-005)

https://bugzilla.redhat.com/show_bug.cgi?id=495031

su -c 'yum update xine-lib' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory security issue critical software update Fedora integer overflow xine-lib

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 10
Version: 1.1.16.3
Release: 1.fc10
URL: http://xinehq.de/
Summary: A multimedia engine

Topics%20covered

Topics Covered

security advisory security issue critical software update Fedora integer overflow xine-lib

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here