Improve security bug fix description & add its CVE no.

author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-03-25 14:45:05 +0000
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-03-25 14:45:05 +0000
commit: 38c7aa2581a80ca5fda454af74e0bd12f4f159b6 (patch)
tree: 533936af2f7aa0d8315bc4fe5eb4ac25d9b48d81
parent: 2f6bd99aa3b9e9bee0601f90ab6e772c011c50ad (diff)
download: xine-lib-38c7aa2581a80ca5fda454af74e0bd12f4f159b6.tar.gz
xine-lib-38c7aa2581a80ca5fda454af74e0bd12f4f159b6.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index af30be981..4f2c4d857 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 xine-lib (1.1.11.1) 2008-??-??
   * Security fixes:
-    - Heap overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM demuxers.
+    - Integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM
+      demuxers, allowing remote attackers to trigger heap overflows and
+      possibly execute arbitrary code. (CVE-2008-1482)
   * Added a few more memory allocation checks to the above demuxers.
   * WAV file playback fix: don't assume that the first chunk is "fmt ".
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-03-25 14:45:05 +0000
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-03-25 14:45:05 +0000
commit	38c7aa2581a80ca5fda454af74e0bd12f4f159b6 (patch)
tree	533936af2f7aa0d8315bc4fe5eb4ac25d9b48d81
parent	2f6bd99aa3b9e9bee0601f90ab6e772c011c50ad (diff)
download	xine-lib-38c7aa2581a80ca5fda454af74e0bd12f4f159b6.tar.gz xine-lib-38c7aa2581a80ca5fda454af74e0bd12f4f159b6.tar.bz2