Merge from 1.1.

--HG-- rename : src/demuxers/demux_nsf.c => src/combined/nsf_demuxer.c rename : src/libxinevdec/bitplane.c => src/video_dec/bitplane.c
author: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-04-21 00:05:16 +0100
committer: Darren Salt <linux@youmustbejoking.demon.co.uk> 2008-04-21 00:05:16 +0100
commit: b726e1b4ef9beaf6ba5a8ae15f15a9f818e48a3b (patch)
tree: 8fd56bdda807c35dcf5cd0bbe88bd151158f24d7 /ChangeLog
parent: 9a34a9096f156d46176cf30270e38a32410cd116 (diff)
parent: d59c3de535738d8cd5d313b5a4f5502fa0aa7081 (diff)
download: xine-lib-b726e1b4ef9beaf6ba5a8ae15f15a9f818e48a3b.tar.gz
xine-lib-b726e1b4ef9beaf6ba5a8ae15f15a9f818e48a3b.tar.bz2
1 files changed, 7 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 0dc368a54..b061bab3d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -64,7 +64,13 @@ xine-lib (1.1.90) (Unreleased)
   * Report more video output capabilities via (port)->get_capabilities():
     colour controls, zooming, colour keying.
 
-xine-lib (1.1.13) 2008-??-??
+xine-lib (1.1.12.1) 2008-??-??
+  * Security fixes:
+    - Buffer overflow in the NSF demuxer which may allow remote attackers to
+      cause a denial of service (crash) or possibly execute arbitrary code
+      via an NSF file with a long title or copyright message. (CVE-2008-1878)
+    - For extra safety against possible Integer overflows like the ones found
+      in CVE-2008-1482, backport more calloc usage from 1.2 branch.
 
 xine-lib (1.1.12) 2008-04-14
   * Security fixes:
author	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-04-21 00:05:16 +0100
committer	Darren Salt <linux@youmustbejoking.demon.co.uk>	2008-04-21 00:05:16 +0100
commit	b726e1b4ef9beaf6ba5a8ae15f15a9f818e48a3b (patch)
tree	8fd56bdda807c35dcf5cd0bbe88bd151158f24d7 /ChangeLog
parent	9a34a9096f156d46176cf30270e38a32410cd116 (diff)
parent	d59c3de535738d8cd5d313b5a4f5502fa0aa7081 (diff)
download	xine-lib-b726e1b4ef9beaf6ba5a8ae15f15a9f818e48a3b.tar.gz xine-lib-b726e1b4ef9beaf6ba5a8ae15f15a9f818e48a3b.tar.bz2