Mention CVE-2008-1161, which was fixed in 1.1.10.1.

author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-03-14 16:39:40 +0000
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-03-14 16:39:40 +0000
commit: 7a3a1e423dd9cfcc47152509474bea108fff444f (patch)
tree: 38b3ac24abcab1c66cac61006c46574b4998ed82
parent: 4c52c9ca51da4772a8df3dfd2d6e1d824dbfbea0 (diff)
download: xine-lib-7a3a1e423dd9cfcc47152509474bea108fff444f.tar.gz
xine-lib-7a3a1e423dd9cfcc47152509474bea108fff444f.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 75c3b6309..22c651383 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@ xine-lib (1.1.10.1) 2008-02-07
     - Array index vulnerability which may allow remote attackers to execute
       arbitrary code via a crafted FLAC tag, causing a stack buffer overflow.
       (CVE-2008-0486)
+    - Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c)
+      which may allow remote attackers to cause a denial of service (crash)
+      or possibly execute arbitrary code via a Matroska file with invalid
+      frame sizes. (CVE-2008-1161)
   * Fix a RealPlayer codec detection bug.
   * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag
     size.
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-03-14 16:39:40 +0000
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-03-14 16:39:40 +0000
commit	7a3a1e423dd9cfcc47152509474bea108fff444f (patch)
tree	38b3ac24abcab1c66cac61006c46574b4998ed82
parent	4c52c9ca51da4772a8df3dfd2d6e1d824dbfbea0 (diff)
download	xine-lib-7a3a1e423dd9cfcc47152509474bea108fff444f.tar.gz xine-lib-7a3a1e423dd9cfcc47152509474bea108fff444f.tar.bz2