From fac37975dd471c945145e5f147932170d4f4198f Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Wed, 6 Feb 2008 18:27:31 +0000 Subject: Change from release numbering to ABI numbering for the plugin directory. This is to avoid having to rebuild external plugins for each new release. --HG-- extra : transplant_source : %C2%3EF%0B%EF%16%40K%FD.%EB9%E07%CB%97GhU%98 --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f05ce93eb..e9af6b424 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ xine-lib (1.1.11) unreleased * Fix a RealPlayer codec detection bug. + * Reworked the plugin directory naming so that external plugins don't have + to be rebuilt for every release. We now use a naming scheme based on the + API/ABI versioning, checking older directories - with this release, the + plugin directory name is 1.19, and if this gets bumped to 1.20 in a + future release, 1.19 will still be available for external plugins. + (Any directories not 1.* won't be looked in.) xine-lib (1.1.10) 2008-01-26 * Security fixes: -- cgit v1.2.3 From 5c051b721ee7ff79ae655660e9695563a902945c Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 17:51:59 +0000 Subject: Add length checking in the FLAC metadata-parsing code. Make the tracknumber/tracktotal buffer larger (possible overflow). --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index f05ce93eb..4a66c4c45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ xine-lib (1.1.11) unreleased + * Security fixes: + - Array index vulnerability which may allow remote attackers to execute + arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. + (CVE-2008-0486) * Fix a RealPlayer codec detection bug. xine-lib (1.1.10) 2008-01-26 -- cgit v1.2.3 From a8d2186af1722c00b4cb9b045d96a5b16f29f7e7 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 17:55:06 +0000 Subject: 1.1.10.1, not 1.1.11. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 4a66c4c45..5cbde5090 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -xine-lib (1.1.11) unreleased +xine-lib (1.1.10.1) unreleased * Security fixes: - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. -- cgit v1.2.3 From 69bc8833d2108303d7984cab5e1ad5f49dd66085 Mon Sep 17 00:00:00 2001 From: Thibaut Mattern Date: Thu, 7 Feb 2008 22:36:52 +0100 Subject: Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag size. --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 5cbde5090..02634b43d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ xine-lib (1.1.10.1) unreleased arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. (CVE-2008-0486) * Fix a RealPlayer codec detection bug. + * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag + size. xine-lib (1.1.10) 2008-01-26 * Security fixes: -- cgit v1.2.3 From 27a3e33f4ce17a5e082e983258818e02606be58c Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Thu, 7 Feb 2008 23:10:15 +0000 Subject: Add release date. --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 02634b43d..c9161619d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -xine-lib (1.1.10.1) unreleased +xine-lib (1.1.10.1) 2008-02-07 * Security fixes: - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. -- cgit v1.2.3