xine-lib 1.1.15.xine-lib-1_1_15-release 1.1.15

author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-08-14 22:16:47 +0100
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-08-14 22:16:47 +0100
commit: 422e592707e4ffca39528d6e349357adb2d55c96 (patch)
tree: dc227c4b27b901f2fe68e8fee80077f486da375e /ChangeLog
parent: 2c0dd5e118628a7cb2130ee89f78fe6e85240916 (diff)
download: xine-lib-1.1.15.tar.gz
xine-lib-1.1.15.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index e2251597e..3368747fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,13 @@
-xine-lib (1.1.15) 2008-??-??
+xine-lib (1.1.15) 2008-08-14
   * Security fixes:
     - Fix crashes with various corrupted media files, including Ogg.
       (CVE-2008-3231)
       This includes a libfaad update from the 1.2 branch.
     - Delay V4L video frame preallocation until we know how large they'll be.
+    - Fix an exploitable ID3 heap buffer overflow.
+    - Check for possible buffer overflow attempts in the Real demuxer.
+    - Use size_t for data length variables where there may be int overflows.
+    - Add some checks for memory allocation failures.
   * Use external ffmpeg and libfaad by default.
   * V4L: Don't segfault if asked for an input that doesn't exist.
   * Recognise AMR audio (normally found in 3GP files).
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-08-14 22:16:47 +0100
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-08-14 22:16:47 +0100
commit	422e592707e4ffca39528d6e349357adb2d55c96 (patch)
tree	dc227c4b27b901f2fe68e8fee80077f486da375e /ChangeLog
parent	2c0dd5e118628a7cb2130ee89f78fe6e85240916 (diff)
download	xine-lib-1.1.15.tar.gz xine-lib-1.1.15.tar.bz2