Fix for CVE-2008-5234.

Multiple heap-based buffer overflows in xine-lib 1.1.12, and other
versions before 1.1.15, allow remote attackers to execute arbitrary
code via vectors related to (1) a crafted metadata atom size processed
by the parse_moov_atom function in demux_qt.c and (2) frame reading in
the id3v23_interp_frame function in id3.c.  NOTE: as of 20081122, it is
possible that vector 1 has not been fixed in 1.1.15.

      case ( FOURCC_TAG('C', 'O', 'M', 'M') ):
        _x_meta_info_set_generic(stream, XINE_META_INFO_COMMENT, buf + 1 + 3, id3_encoding[enc]);

0 files changed, 0 insertions, 0 deletions