author Darren Salt <linux@youmustbejoking.demon.co.uk> 2009-01-05 14:50:58 +0000
committer Darren Salt <linux@youmustbejoking.demon.co.uk> 2009-01-05 14:50:58 +0000
commit 5347abe5764b0a0ff3ef1d357ce9934a425758fa (patch)
tree 16114922f1fe3862535ef1898da393648522d48b /ChangeLog
parent 0907a74b5fa7b8b439f1f8f5db239c7586bfb12d (diff)
parent 8f725b5644ac910294fbe28929ddc98cd1d2ad38 (diff)
Merge security fixes.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 18
1 files changed, 17 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index b4ff0b66a..d46d90bca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,15 @@
xine-lib (1.1.16) 2008-??-??
+ * Security fixes:
+ - Heap overflow in Quicktime atom parsing. (CVE-2008-5234)
+ - Multiple buffer overflows. (CVE-2008-5236)
+ - Multiple integer overflows. (CVE-2008-5237)
+ - Unchecked or incompletely-checked read function results. (CVE-2008-5239)
+ - Unchecked malloc using untrusted values. (CVE-2008-5240)
+ - Buffer indexing using untrusted or unchecked values. (CVE-2008-5243)
+ - Integer overflows in the ffmpeg audio decoder and the CDDA server.
+ - Heap buffer overflow in the ffmpeg video decoder.
+ - Avoid segfault on invalid track type in Matroska files.
+ - Avoid underflow (compressed atoms) in the Qt demuxer.
* Fix reported compilation failures (with C++ programs).
* Fix CDDB access in 64-bit builds.
* Fix seeking FLV clips that don't specify the movie length in the headers.
@@ -27,10 +38,16 @@ xine-lib (1.1.15) 2008-08-14
(CVE-2008-3231)
This includes a libfaad update from the 1.2 branch.
- Delay V4L video frame preallocation until we know how large they'll be.
+ (CVE-2008-5245)
- Fix an exploitable ID3 heap buffer overflow.
+ (CVE-2008-5234, vector 2)
- Check for possible buffer overflow attempts in the Real demuxer.
+ (CVE-2008-5235)
- Use size_t for data length variables where there may be int overflows.
- Add some checks for memory allocation failures.
+ (CVE-2008-5233)
+ - Fix crashes with MP3 files with metadata consisting only of separators.
+ (CVE-2008-5248)
* Use external ffmpeg and libfaad by default.
* V4L: Don't segfault if asked for an input that doesn't exist.
* Recognise AMR audio (normally found in 3GP files).
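Review bot: The `(CVE-2008-5233)` line added under "Add some checks for memory allocation failures." leaves the preceding "Use size_t for data length variables where there may be int overflows." entry as the only visible item in this security list without an id, and a reader cannot tell whether CVE-2008-5233 is meant to cover both. Tag the size_t entry explicitly, or mark it as hardening with no CVE. The `(CVE-2008-5234, vector 2)` tag on the ID3 entry would also benefit from a pointer to the 1.1.16 entry that lists CVE-2008-5234 for Quicktime atom parsing, since the same id is now fixed across two releases.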
@@ -40,7 +57,6 @@ xine-lib (1.1.15) 2008-08-14
others, there would be no problem.
* V4L: only try and set the tuner if we're going to use it. Setting the tuner
when using baseband video (CVBS, S-Video) breaks the input.
- * Fix crashes with MP3 files with metadata consisting only of separators.
xine-lib (1.1.14) 2008-06-29
* DVB changes: