| author | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2009-01-05 23:40:10 +0000 |
|---|---|---|
| committer | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2009-01-05 23:40:10 +0000 |
| commit | 85f173cd5b12d5a53a94a2616c498cdae68fec2a (patch) | |
| tree | 655dbc4dcb7e2950bde6492c66e2572d53873c6e /ChangeLog | |
| parent | 92d532f070f578c4f7f0df3daadf05497be1ed10 (diff) | |
| parent | 5347abe5764b0a0ff3ef1d357ce9934a425758fa (diff) | |
| download | xine-lib-85f173cd5b12d5a53a94a2616c498cdae68fec2a.tar.gz xine-lib-85f173cd5b12d5a53a94a2616c498cdae68fec2a.tar.bz2 | |
Merge security fixes from 1.1.
--HG--
rename : src/demuxers/demux_nsf.c => src/combined/nsf_demuxer.c
rename : src/demuxers/demux_ogg.c => src/combined/xine_ogg_demuxer.c
rename : src/libsputext/demux_sputext.c => src/spu_dec/sputext_demuxer.c
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -69,6 +69,17 @@ xine-lib (1.1.90) (Unreleased) colour controls, zooming, colour keying. xine-lib (1.1.16) 2008-??-?? + * Security fixes: + - Heap overflow in Quicktime atom parsing. (CVE-2008-5234) + - Multiple buffer overflows. (CVE-2008-5236) + - Multiple integer overflows. (CVE-2008-5237) + - Unchecked or incompletely-checked read function results. (CVE-2008-5239) + - Unchecked malloc using untrusted values. (CVE-2008-5240) + - Buffer indexing using untrusted or unchecked values. (CVE-2008-5243) + - Integer overflows in the ffmpeg audio decoder and the CDDA server. + - Heap buffer overflow in the ffmpeg video decoder. + - Avoid segfault on invalid track type in Matroska files. + - Avoid underflow (compressed atoms) in the Qt demuxer. * Fix reported compilation failures (with C++ programs). * Fix CDDB access in 64-bit builds. * Fix seeking FLV clips that don't specify the movie length in the headers. @@ -97,10 +108,16 @@ xine-lib (1.1.15) 2008-08-14 (CVE-2008-3231) This includes a libfaad update from the 1.2 branch. - Delay V4L video frame preallocation until we know how large they'll be. + (CVE-2008-5245) - Fix an exploitable ID3 heap buffer overflow. + (CVE-2008-5234, vector 2) - Check for possible buffer overflow attempts in the Real demuxer. + (CVE-2008-5235) - Use size_t for data length variables where there may be int overflows. - Add some checks for memory allocation failures. + (CVE-2008-5233) + - Fix crashes with MP3 files with metadata consisting only of separators. + (CVE-2008-5248) * Use external ffmpeg and libfaad by default. * V4L: Don't segfault if asked for an input that doesn't exist. * Recognise AMR audio (normally found in 3GP files). 
@@ -110,7 +127,6 @@ xine-lib (1.1.15) 2008-08-14 others, there would be no problem. * V4L: only try and set the tuner if we're going to use it. Setting the tuner when using baseband video (CVBS, S-Video) breaks the input. - * Fix crashes with MP3 files with metadata consisting only of separators. xine-lib (1.1.14) 2008-06-29 * DVB changes: |
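Review bot: In the 1.1.16 hunk (@@ -69,6 +69,17 @@), "Heap overflow in Quicktime atom parsing. (CVE-2008-5234)" reuses the identifier that the 1.1.15 hunk attaches to the ID3 overflow as "(CVE-2008-5234, vector 2)", but this entry carries no vector label, so a reader cannot tell which half of the CVE each release fixes; add the matching vector label here. The last four added entries (ffmpeg audio decoder and CDDA server, ffmpeg video decoder, Matroska track type, Qt demuxer underflow) have no CVE reference while the six above them do; if none was assigned, a short note saying so would keep advisory trackers from reading it as an omission. The context heading "xine-lib (1.1.16) 2008-??-??" also still shows a 2008 placeholder although this merge is dated 2009-01-05.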
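Review bot: In the 1.1.15 hunk (@@ -97,10 +108,16 @@), "Use size_t for data length variables where there may be int overflows." is the only visible entry in this security list left without a CVE annotation after the change, sitting between the Real demuxer entry (CVE-2008-5235) and the allocation-failure entry (CVE-2008-5233). If it is covered by one of the neighbouring identifiers, repeat that identifier on it; if it has none, say so, since the other annotations make the gap look accidental. The MP3 separator entry added here with (CVE-2008-5248) is the one dropped from the general fixes in the final hunk, so the wording should stay identical in both places, which it does.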
