From fc472ae33af5ce010ad1db0daee0c0b34f754159 Mon Sep 17 00:00:00 2001
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Wed, 26 Nov 2008 03:29:56 +0000
Subject: Add info concerning CVE-2008-52xx.

---
 ChangeLog | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 44644f19d..fa03fff62 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,10 +8,16 @@ xine-lib (1.1.15) 2008-08-14
       (CVE-2008-3231)
       This includes a libfaad update from the 1.2 branch.
     - Delay V4L video frame preallocation until we know how large they'll be.
+      (CVE-2008-5245)
     - Fix an exploitable ID3 heap buffer overflow.
+      (CVE-2008-5234, vector 2)
     - Check for possible buffer overflow attempts in the Real demuxer.
+      (CVE-2008-5235)
     - Use size_t for data length variables where there may be int overflows.
     - Add some checks for memory allocation failures.
+      (CVE-2008-5233)
+    - Fix crashes with MP3 files with metadata consisting only of separators.
+      (CVE-2008-5248)
   * Use external ffmpeg and libfaad by default.
   * V4L: Don't segfault if asked for an input that doesn't exist.
   * Recognise AMR audio (normally found in 3GP files).
@@ -21,7 +27,6 @@ xine-lib (1.1.15) 2008-08-14
     others, there would be no problem.
   * V4L: only try and set the tuner if we're going to use it. Setting the tuner
     when using baseband video (CVBS, S-Video) breaks the input.
-  * Fix crashes with MP3 files with metadata consisting only of separators.
 
 xine-lib (1.1.14) 2008-06-29
   * DVB changes:
-- 
cgit v1.2.3