-rw-r--r-- | ChangeLog | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -12,7 +12,8 @@ xine-lib (1.1.10) (unreleased) xine-lib (1.1.9.1) 2008-01-11 * Security fixes: - Buffer overflow which allows a remote attacker to execute arbitrary - code via a crafted SDP Abstract attribute. (CVE-2008-0225) + code via a crafted SDP Abstract attribute. + (CVE-2008-0225, a.k.a. CVE-2008-0238) (Fix ported from mplayer changeset 22821) * Fix a read-past-end bug in xine-lib's internal strtok_r replacement. (Only affects systems without strtok_r.) [Bug #19] @@ -137,8 +138,9 @@ xine-lib (1.1.6) 2007-04-17 xine-lib (1.1.5) 2007-04-10 * Security fixes: - - Fix heap overflow in DMO loader. (CVE-2007-1246) [Bug SF 1676925] + - Fix heap overflow in DMO and DirectShow loaders. Thanks to Kees Cook for reporting. + (CVE-2007-1246 & CVE-2007-1387) [Bug SF 1676925] * Improved PulseAudio plugin, now only one connection per instance is opened and the mainloop is threaded to reduce latency during playback. * Added XCB-based output plugins (Xv and XShm), to use in software using @@ -258,8 +260,9 @@ xine-lib (1.1.4) 2007-01-28 xine-lib (1.1.3) 2006-12-03 * Security fixes: - Heap overflow in libmms (related to CVE-2006-2200) - - Buffer overrun in Real Media input plugin. [Bug SF 1603458] + - Buffer overrun in Real Media input plugin. Thanks to Roland Kay for reporting and JW for the patch. + (CVE-2006-6172) [Bug SF 1603458] * Update build system to support x86 Darwin setups, and merge patches to support Darwin OS better. * Replace custom ALSA check with pkg-config check, and make sure 0.9.0 is |
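Review bot: In the first hunk (xine-lib 1.1.9.1), the added line "(CVE-2008-0225, a.k.a. CVE-2008-0238)" does not say why one fix carries two identifiers, and the 1.1.5 entry in this same patch joins its identifiers with "&" instead. Consider stating whether the second id is a second assignment for the same SDP Abstract overflow, and settle on one notation for multiple CVE ids so the security entries read consistently and can be searched the same way.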
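Review bot: In the second hunk (xine-lib 1.1.5), the entry now names two loaders and two identifiers, "(CVE-2007-1246 & CVE-2007-1387)", without saying which id belongs to the DMO loader and which to the DirectShow loader. Someone checking a build against one of those ids has to look the mapping up elsewhere, so pairing each id with its loader in the entry would help. The entry also keeps the single reference "[Bug SF 1676925]"; it is worth confirming that this bug covers both loaders.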
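Review bot: In the third hunk (xine-lib 1.1.3), the patch author is credited only as "JW", while the reporters credited in this patch (Roland Kay here, Kees Cook in the 1.1.5 entry) are named in full. If the contributor is fine with it, spell the name out so the credit for the Real Media fix is as traceable as the CVE-2006-6172 and "[Bug SF 1603458]" references beside it.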