From 4c52c9ca51da4772a8df3dfd2d6e1d824dbfbea0 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 13 Mar 2008 16:41:34 +0000 Subject: Add a CVE number for the ASF header crash fix. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 84dc7815f..75c3b6309 100644 --- a/ChangeLog +++ b/ChangeLog @@ -32,7 +32,7 @@ xine-lib (1.1.10) 2008-01-26 * Security fixes: - Buffer overflow which allows a remote attacker to execute arbitrary code or crash the client program via a crafted ASF header. - (Related to CVE-2006-1664) + (CVE-2008-1110, related to CVE-2006-1664) * Update Ogg and Annodex mimetypes and extensions. * Change the default v4l device paths to /dev/video0 and /dev/radio0. * Fix support for subtitles with schemes (e.g. http://), partly broken -- cgit v1.2.3 From 7a3a1e423dd9cfcc47152509474bea108fff444f Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Fri, 14 Mar 2008 16:39:40 +0000 Subject: Mention CVE-2008-1161, which was fixed in 1.1.10.1. --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 75c3b6309..22c651383 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,10 @@ xine-lib (1.1.10.1) 2008-02-07 - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. (CVE-2008-0486) + - Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) + which may allow remote attackers to cause a denial of service (crash) + or possibly execute arbitrary code via a Matroska file with invalid + frame sizes. (CVE-2008-1161) * Fix a RealPlayer codec detection bug. * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag size. -- cgit v1.2.3
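Review bot: In the first patch's hunk (xine-lib 1.1.10, "Security fixes"), the new parenthetical "(CVE-2008-1110, related to CVE-2006-1664)" does not say how the two identifiers relate. A reader cannot tell whether CVE-2008-1110 is a separate flaw in ASF header handling or a follow-up to an earlier, incomplete fix. Consider adding a short clause that states the relationship. It would also help to name the affected source file, as the Matroska entry in the 1.1.10.1 section does with demuxers/demux_matroska.c, so that packagers can match the entry to the code they ship.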
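Review bot: In the second patch's hunk (xine-lib 1.1.10.1), the added CVE-2008-1161 entry sits after the CVE-2008-0486 item in a release section dated 2008-02-07, but the entry itself gives no pointer to the change that fixed it. The commit subject says only that it "was fixed in 1.1.10.1". Since this line is being added after the release, consider referencing the fixing changeset in the entry or in the commit message, so that distributors backporting to older trees can locate the bounds check for the "invalid frame sizes" case without searching the demuxer history.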