From a99bea5eb67de57de5aa3259b5b5432d4aaa9c1a Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 17 Apr 2008 19:26:56 +0100 Subject: Changelog entry for SA29850. --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index affa153e4..f88b7eed9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ -xine-lib (1.1.13) 2008-??-?? +xine-lib (1.1.12.1) 2008-??-?? + * Security fixes: + - Buffer overflow in the NSF demuxer which may allow remote attackers to + cause a denial of service (crash) or possibly execute arbitrary code + via an NSF file with a long title or copyright message. (SA29850) xine-lib (1.1.12) 2008-04-14 * Security fixes: -- cgit v1.2.3 From b20ea4a074c5be50e82321061ee73193b15a10d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diego=20=27Flameeyes=27=20Petten=C3=B2?= Date: Sat, 19 Apr 2008 01:57:09 +0200 Subject: Add a ChangeLog entry for the backports from 1.2. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f88b7eed9..03b361632 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ xine-lib (1.1.12.1) 2008-??-?? - Buffer overflow in the NSF demuxer which may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via an NSF file with a long title or copyright message. (SA29850) + - For extra safety against possible Integer overflows like the ones found + in CVE-2008-1482, backport more calloc usage from 1.2 branch. xine-lib (1.1.12) 2008-04-14 * Security fixes: -- cgit v1.2.3 From d59c3de535738d8cd5d313b5a4f5502fa0aa7081 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Sun, 20 Apr 2008 18:03:04 +0100 Subject: CVE no. for the NSF bug. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 03b361632..cf2588b39 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,7 +2,7 @@ xine-lib (1.1.12.1) 2008-??-?? * Security fixes: - Buffer overflow in the NSF demuxer which may allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code - via an NSF file with a long title or copyright message. (SA29850) + via an NSF file with a long title or copyright message. (CVE-2008-1878) - For extra safety against possible Integer overflows like the ones found in CVE-2008-1482, backport more calloc usage from 1.2 branch. -- cgit v1.2.3
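Review bot: in the first commit (a99bea5, hunk @@ -1,4 +1,8 @@), the header line changes from "xine-lib (1.1.13) 2008-??-??" to "xine-lib (1.1.12.1) 2008-??-??", but the subject only says "Changelog entry for SA29850". Mention the release renumbering in the commit message, or split it into its own commit, so the version change can be found in history without reading the diff.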
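Review bot: in the second commit (b20ea4a, hunk @@ -3,6 +3,8 @@), the added entry "backport more calloc usage from 1.2 branch" does not say which files or modules were changed, so a packager reading the ChangeLog cannot tell how far the hardening reaches. Name the affected components in the entry. "Integer" in the first added line should also be lower case, since it sits mid-sentence.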
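Review bot: in the third commit (d59c3de, hunk @@ -2,7 +2,7 @@), the changed line replaces "(SA29850)" with "(CVE-2008-1878)", which drops the advisory id that the original entry and its commit subject used. Consider keeping both identifiers, for example "(CVE-2008-1878, SA29850)", so that anyone who tracked the NSF demuxer fix by the advisory number can still match it to this entry.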