From 7e63be8ffb88c1fe981c7cf39c535a5553e35b31 Mon Sep 17 00:00:00 2001
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Sun, 8 Mar 2009 16:54:39 +0000
Subject: Fix another possible 4xm demuxer integer overflow.

--HG--
extra : transplant_source : U%AF%FD%B5%60%27Y%7F%B5Q%F796%F7a%98%F0k%B8%EF
---
 ChangeLog | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 5e7b0a6b5..49e48990f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
 xine-lib (1.1.17) 2009-??-??
+  * Security fixes:
+    - Fix another possible int overflow in the 4XM demuxer.
+      (ref. TKADV2009-004, CVE-2009-0385)
   * Enable libmpeg2new (if configured with --enable-libmpeg2new).
     This is not yet production code; the old mpeg2 decoder remains the default.
   * Add support for OpenBSD.
@@ -18,7 +21,8 @@ xine-lib (1.1.16.2) 2009-02-10
   * Fix broken size checks in various input plugins (ref. CVE-2008-5239).
   * More malloc checking (ref. CVE-2008-5240).
   * Fix race conditions in gapless_switch (ref. kde bug #180339)
-  * Fix a possible integer overflow in the 4XM demuxer. (TKADV2009-004.txt)
+  * Fix a possible integer overflow in the 4XM demuxer.
+    (TKADV2009-004, CVE-2009-0385)
 
 xine-lib (1.1.16.1) 2009-01-11
   * Fix build with older ffmpeg, both internal and in Debian 5.0.
-- 
cgit v1.2.3