Changelog updates.

author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2009-01-05 14:50:15 +0000
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2009-01-05 14:50:15 +0000
commit: 8f725b5644ac910294fbe28929ddc98cd1d2ad38 (patch)
tree: cfb7846d11648574ef99692a28cba67db9e2a67f
parent: 82a5ac7e7ef212e08d63a8f31482548fdb3c9ba4 (diff)
download: xine-lib-8f725b5644ac910294fbe28929ddc98cd1d2ad38.tar.gz
xine-lib-8f725b5644ac910294fbe28929ddc98cd1d2ad38.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index bb9c629f1..d625fd78a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,15 @@
 xine-lib (1.1.16) 2008-??-??
   * Security fixes:
+    - Heap overflow in Quicktime atom parsing.                 (CVE-2008-5234)
+    - Multiple buffer overflows.                               (CVE-2008-5236)
+    - Multiple integer overflows.                              (CVE-2008-5237)
+    - Unchecked or incompletely-checked read function results. (CVE-2008-5239)
+    - Unchecked malloc using untrusted values.                 (CVE-2008-5240)
+    - Buffer indexing using untrusted or unchecked values.     (CVE-2008-5243)
     - Integer overflows in the ffmpeg audio decoder and the CDDA server.
     - Heap buffer overflow in the ffmpeg video decoder.
+    - Avoid segfault on invalid track type in Matroska files.
+    - Avoid underflow (compressed atoms) in the Qt demuxer.
   * Fix reported compilation failures (with C++ programs).
   * Fix CDDB access in 64-bit builds.
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2009-01-05 14:50:15 +0000
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2009-01-05 14:50:15 +0000
commit	8f725b5644ac910294fbe28929ddc98cd1d2ad38 (patch)
tree	cfb7846d11648574ef99692a28cba67db9e2a67f
parent	82a5ac7e7ef212e08d63a8f31482548fdb3c9ba4 (diff)
download	xine-lib-8f725b5644ac910294fbe28929ddc98cd1d2ad38.tar.gz xine-lib-8f725b5644ac910294fbe28929ddc98cd1d2ad38.tar.bz2