diff options
| -rw-r--r-- | ChangeLog | 9 | 
1 files changed, 6 insertions, 3 deletions
| @@ -12,7 +12,8 @@ xine-lib (1.1.10) (unreleased)  xine-lib (1.1.9.1) 2008-01-11    * Security fixes:      - Buffer overflow which allows a remote attacker to execute arbitrary -      code via a crafted SDP Abstract attribute. (CVE-2008-0225) +      code via a crafted SDP Abstract attribute. +      (CVE-2008-0225, a.k.a. CVE-2008-0238)        (Fix ported from mplayer changeset 22821)    * Fix a read-past-end bug in xine-lib's internal strtok_r replacement.      (Only affects systems without strtok_r.) [Bug #19] @@ -137,8 +138,9 @@ xine-lib (1.1.6) 2007-04-17  xine-lib (1.1.5) 2007-04-10    * Security fixes: -    - Fix heap overflow in DMO loader. (CVE-2007-1246) [Bug SF 1676925] +    - Fix heap overflow in DMO and DirectShow loaders.        Thanks to Kees Cook for reporting. +      (CVE-2007-1246 & CVE-2007-1387) [Bug SF 1676925]    * Improved PulseAudio plugin, now only one connection per instance is opened      and the mainloop is threaded to reduce latency during playback.    * Added XCB-based output plugins (Xv and XShm), to use in software using @@ -258,8 +260,9 @@ xine-lib (1.1.4) 2007-01-28  xine-lib (1.1.3) 2006-12-03    * Security fixes:      - Heap overflow in libmms (related to CVE-2006-2200) -    - Buffer overrun in Real Media input plugin. [Bug SF 1603458] +    - Buffer overrun in Real Media input plugin.        Thanks to Roland Kay for reporting and JW for the patch. +      (CVE-2006-6172) [Bug SF 1603458]    * Update build system to support x86 Darwin setups, and merge patches to      support Darwin OS better.    * Replace custom ALSA check with pkg-config check, and make sure 0.9.0 is | 
