From fc472ae33af5ce010ad1db0daee0c0b34f754159 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Wed, 26 Nov 2008 03:29:56 +0000 Subject: Add info concerning CVE-2008-52xx. --- ChangeLog | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 44644f19d..fa03fff62 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,10 +8,16 @@ xine-lib (1.1.15) 2008-08-14 (CVE-2008-3231) This includes a libfaad update from the 1.2 branch. - Delay V4L video frame preallocation until we know how large they'll be. + (CVE-2008-5245) - Fix an exploitable ID3 heap buffer overflow. + (CVE-2008-5234, vector 2) - Check for possible buffer overflow attempts in the Real demuxer. + (CVE-2008-5235) - Use size_t for data length variables where there may be int overflows. - Add some checks for memory allocation failures. + (CVE-2008-5233) + - Fix crashes with MP3 files with metadata consisting only of separators. + (CVE-2008-5248) * Use external ffmpeg and libfaad by default. * V4L: Don't segfault if asked for an input that doesn't exist. * Recognise AMR audio (normally found in 3GP files). @@ -21,7 +27,6 @@ xine-lib (1.1.15) 2008-08-14 others, there would be no problem. * V4L: only try and set the tuner if we're going to use it. Setting the tuner when using baseband video (CVBS, S-Video) breaks the input. - * Fix crashes with MP3 files with metadata consisting only of separators. xine-lib (1.1.14) 2008-06-29 * DVB changes: -- cgit v1.2.3 From c1806db355208c85916e58cf8324a3676f073173 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Tue, 9 Dec 2008 22:02:13 +0000 Subject: Marker for security fixes. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index fa03fff62..93f2fab10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ xine-lib (1.1.16) 2008-??-?? + * Security fixes: * Fix reported compilation failures (with C++ programs). * Fix CDDB access in 64-bit builds. -- cgit v1.2.3 From d122dee9253731cf50428228d1b670739d874eb2 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 5 Jan 2009 14:39:25 +0000 Subject: Changelog update. --- ChangeLog | 1 + 1 file changed, 1 insertion(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 93f2fab10..64490359b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ xine-lib (1.1.16) 2008-??-?? * Security fixes: + - Integer overflows in the ffmpeg audio decoder and the CDDA server. * Fix reported compilation failures (with C++ programs). * Fix CDDB access in 64-bit builds. -- cgit v1.2.3 From 104278cb4cf805fc875ebd49b4a4b8f369b91c7d Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 25 Aug 2008 13:50:32 +0100 Subject: Fix a possible heap buffer overflow in the ffmpeg video decoder. This could happen where the actual image height is not a multiple of 16. --HG-- extra : transplant_source : %10%BD%8C%FE%BA%CA0%D5k%8A%9CH%DD%B1-%A7E4%CD%E6 --- ChangeLog | 1 + 1 file changed, 1 insertion(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 64490359b..bb9c629f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,7 @@ xine-lib (1.1.16) 2008-??-?? * Security fixes: - Integer overflows in the ffmpeg audio decoder and the CDDA server. + - Heap buffer overflow in the ffmpeg video decoder. * Fix reported compilation failures (with C++ programs). * Fix CDDB access in 64-bit builds. -- cgit v1.2.3 From 8f725b5644ac910294fbe28929ddc98cd1d2ad38 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 5 Jan 2009 14:50:15 +0000 Subject: Changelog updates. --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index bb9c629f1..d625fd78a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,15 @@ xine-lib (1.1.16) 2008-??-?? * Security fixes: + - Heap overflow in Quicktime atom parsing. (CVE-2008-5234) + - Multiple buffer overflows. (CVE-2008-5236) + - Multiple integer overflows. (CVE-2008-5237) + - Unchecked or incompletely-checked read function results. (CVE-2008-5239) + - Unchecked malloc using untrusted values. (CVE-2008-5240) + - Buffer indexing using untrusted or unchecked values. (CVE-2008-5243) - Integer overflows in the ffmpeg audio decoder and the CDDA server. - Heap buffer overflow in the ffmpeg video decoder. + - Avoid segfault on invalid track type in Matroska files. + - Avoid underflow (compressed atoms) in the Qt demuxer. * Fix reported compilation failures (with C++ programs). * Fix CDDB access in 64-bit builds. -- cgit v1.2.3