From 7a3a1e423dd9cfcc47152509474bea108fff444f Mon Sep 17 00:00:00 2001
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Fri, 14 Mar 2008 16:39:40 +0000
Subject: Mention CVE-2008-1161, which was fixed in 1.1.10.1.

---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 75c3b6309..22c651383 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@ xine-lib (1.1.10.1) 2008-02-07
     - Array index vulnerability which may allow remote attackers to execute
       arbitrary code via a crafted FLAC tag, causing a stack buffer overflow.
       (CVE-2008-0486)
+    - Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c)
+      which may allow remote attackers to cause a denial of service (crash)
+      or possibly execute arbitrary code via a Matroska file with invalid
+      frame sizes. (CVE-2008-1161)
   * Fix a RealPlayer codec detection bug.
   * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag
     size.
-- 
cgit v1.2.3