Merge from 1.1.

author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-01-25 01:01:38 +0000
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-01-25 01:01:38 +0000
commit: 12616f93313e4ee562b5d774df2cd77f2c1b955b (patch)
tree: 7f7afcc501390b18bf66b11885ba35e7c82d7d73 /ChangeLog
parent: d3f318eec71d38ce34f590daef0fed1f6cbf2eae (diff)
parent: 6c456a0d597c2a96aadee33c7af5845de279e478 (diff)
download: xine-lib-12616f93313e4ee562b5d774df2cd77f2c1b955b.tar.gz
xine-lib-12616f93313e4ee562b5d774df2cd77f2c1b955b.tar.bz2
1 files changed, 10 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 896855926..a13e43b4a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -66,11 +66,16 @@ xine-lib (1.1.10) (unreleased)
     end authors should be careful with xine-lib older than 1.1.10.
   * Backported xine-config & libxine.pc from 1.2.
     Consequently, xine-config now requires pkg-config.
+  * Sanity-check ASF header sizes. This fixes a crash in the ASF demuxer,
+    caused by the example exploit given for CVE-2006-1664.
+  * Don't discard audio samples forever. Fixed streaming playback.
+  * Fix a possible crash on channel change in the DVB plugin.
 
 xine-lib (1.1.9.1) 2008-01-11
   * Security fixes:
     - Buffer overflow which allows a remote attacker to execute arbitrary
-      code via a crafted SDP Abstract attribute. (CVE-2008-0225)
+      code via a crafted SDP Abstract attribute.
+      (CVE-2008-0225, a.k.a. CVE-2008-0238)
       (Fix ported from mplayer changeset 22821)
   * Fix a read-past-end bug in xine-lib's internal strtok_r replacement.
     (Only affects systems without strtok_r.) [Bug #19]
@@ -195,8 +200,9 @@ xine-lib (1.1.6) 2007-04-17
 
 xine-lib (1.1.5) 2007-04-10
   * Security fixes:
-    - Fix heap overflow in DMO loader. (CVE-2007-1246) [Bug SF 1676925]
+    - Fix heap overflow in DMO and DirectShow loaders.
       Thanks to Kees Cook for reporting.
+      (CVE-2007-1246 & CVE-2007-1387) [Bug SF 1676925]
   * Improved PulseAudio plugin, now only one connection per instance is opened
     and the mainloop is threaded to reduce latency during playback.
   * Added XCB-based output plugins (Xv and XShm), to use in software using
@@ -316,8 +322,9 @@ xine-lib (1.1.4) 2007-01-28
 xine-lib (1.1.3) 2006-12-03
   * Security fixes:
     - Heap overflow in libmms (related to CVE-2006-2200)
-    - Buffer overrun in Real Media input plugin. [Bug SF 1603458]
+    - Buffer overrun in Real Media input plugin.
       Thanks to Roland Kay for reporting and JW for the patch.
+      (CVE-2006-6172) [Bug SF 1603458]
   * Update build system to support x86 Darwin setups, and merge patches to
     support Darwin OS better.
   * Replace custom ALSA check with pkg-config check, and make sure 0.9.0 is
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-01-25 01:01:38 +0000
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-01-25 01:01:38 +0000
commit	12616f93313e4ee562b5d774df2cd77f2c1b955b (patch)
tree	7f7afcc501390b18bf66b11885ba35e7c82d7d73 /ChangeLog
parent	d3f318eec71d38ce34f590daef0fed1f6cbf2eae (diff)
parent	6c456a0d597c2a96aadee33c7af5845de279e478 (diff)
download	xine-lib-12616f93313e4ee562b5d774df2cd77f2c1b955b.tar.gz xine-lib-12616f93313e4ee562b5d774df2cd77f2c1b955b.tar.bz2