Stay Secure with the Latest Linux Advisories

security advisoryfedorasoftware update

Fedora: 2009-0542 Moderate: Xine-Lib Security Fix And MPEG Support

This updates xine-lib to the upstream 1.1.16 release. This fixes several bugs, including the security issues CVE-2008-5234 vector 1, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240 vectors 3 & 4 and CVE-2008-5243. See ;group_id=9655 for the full list of changes. In addition, the Fedora xine-lib package now includes the demuxers for the MPEG container format, which are not patent-encumbered. (The decoders for actual MPEG video and audio data are still excluded due to software patents.). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0542 2009-01-14 23:38:30 --------------------------------------------------------------------------------Name : xine-lib Product : Fedora 9 Version : 1.1.16 Release : 1.fc9.1 URL : http://xinehq.de/ Summary : Xine library Description : This package contains the Xine library. Xine is a free multimedia player. It can play back various media. It also decodes multimedia files from local disk drives, and displays multimedia streamed over the Internet. It interprets many of the most common multimedia formats available - and some of the most uncommon formats, too. --with/--without rpmbuild options (some default values depend on target distribution): aalib, caca, directfb, imagemagick, freetype, antialiasing (with freetype), pulseaudio, xcb. --------------------------------------------------------------------------------Update Information: This updates xine-lib to the upstream 1.1.16 release. This fixes several bugs, including the security issues CVE-2008-5234 vector 1, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240 vectors 3 & 4 and CVE-2008-5243. See ;group_id=9655 for the full list of changes. In addition, the Fedora xine-lib package now includes the demuxers for the MPEG container format, which are not patent-encumbered. (The decoders for actual MPEG video and audio data are still excluded due to softwarepatents.) --------------------------------------------------------------------------------ChangeLog: * Wed Jan 7 2009 Kevin Kofler - 1.1.16-1.1 - patch for old libcaca in F9-* Wed Jan 7 2009 Rex Dieter - 1.1.16-1 - xine-lib-1.1.16, plugin ABI 1.25 - --with-external-libdvdnav, include mpeg demuxers (#213597) * Fri Dec 12 2008 Rex Dieter - 1.1.15-4 - rebuild for pkgconfig deps * Tue Oct 28 2008 Kevin Kofler - 1.1.15-3 - rebuild for new libcaca * Thu Oct 23 2008 Rex Dieter - 1.1.15-2 - respin * Wed Aug 20 2008 Rex Dieter - 1.1.15-1 - xine-lib-1.1.15, plugin ABI 1.24 (rh#455752, CVE-2008-3231) - Obsoletes: -arts (f9+) * Sun Apr 27 2008 Kevin Kofler - 1.1.12-3 - rebuild for new ImageMagick (6.4.0.10) --------------------------------------------------------------------------------References: [ 1 ] Bug #213597 - xine-lib: include MPEG demuxers https://bugzilla.redhat.com/show_bug.cgi?id=213597 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update xine-lib' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Upgrade xine-lib to version 1.1.16 in Fedora 9 to address various bugs and enhance security. This update adds support for MPEG format.. xine-lib Update,Fedora 9 Releases,Multimedia Fixes. . LinuxSecurity.com Team

Jan 14, 2009 Fedora