xine-lib/src/input, branch 1.1.16.2

Fix broken size checks in various input plugins (ref. CVE-2008-5239).

2009-02-10T17:17:50+00:00

Add allocation checks to the Real MDPR parsing code (ref. CVE-2008-5240).

2009-01-18T15:10:32+00:00

Remove '#include "config.h"' from all public header files.

2009-01-18T00:21:47+00:00

This requires that many other files include config.h themselves.
Also convert  to "config.h".

Avoid libtool running ldconfig (where not needed) at install time.

2009-01-17T14:30:50+00:00

Fix a broken size check in the pvr input plugin (ref. CVE-2008-5239).

2009-01-16T18:16:17+00:00

Fixed lvalue cast error (build with newer mingw compilation tools).

2009-01-12T18:24:48+00:00

Merge security fixes.

2009-01-05T14:50:58+00:00

Fix for CVE-2008-5239

2009-01-04T17:21:46+00:00

xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not
properly handle (a) negative and (b) zero values during unspecified
read function calls in input_file.c, input_net.c, input_smb.c, and
input_http.c, which allows remote attackers to cause a denial of
service (crash) or possibly execute arbitrary code via vectors such as
(1) a file or (2) an HTTP response, which triggers consequences such
as out-of-bounds reads and heap-based buffer overflows.

libmms does not handle percent-encoded uri

2009-01-01T15:42:09+00:00

libmms will always fail to request media with URIs containing percent-encoded
characters. This is because the path component in the MMS URI should be
decoded before it is sent to the server.

http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-MMSP%5D.pdf
(page 48)

Fix size of mrls array.

2008-12-20T01:05:30+00:00