---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-152873
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152873
2006-03-15
---------------------------------------------------------------------

Name        : xine
Versions    : rh73: xine-0.9.8-4.2.legacy
Summary     : A free video player.
Description :
xine is a free gpl-licensed video player for unix-like systems.

---------------------------------------------------------------------
Update Information:

An updated xine package that fixes security bugs is now available.

xine is a free gpl-licensed video player for unix-like systems.

A vulnerability has been reported in the way xine handles a bug report
email. A local user could create a specially crafted symlink which could
result in xine overwriting a file which it has write access to. The
Common Vulnerabilities and Exposures project has assigned the name
CVE-2004-0372 to this issue.

A heap overflow has been found in the DVD subpicture decoder of xine-lib.
This can be used for a remote heap overflow exploit, which can, on some
systems, lead to or help in executing malicious code with the permissions
of the user running a xine-lib based media application.

All users of xine should upgrade to this updated package, which includes
backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Mar 01 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1:0.9.8-4.2.legacy
- Added missing arts-devel, audiofile-devel, esound-devel, libogg-devel,
  and libvorbis-devel to BuildRequires

* Wed Jan 12 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:0.9.8-4.1.legacy
- fix CAN-2004-0372 and XSA-2004-5 (#2348)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
297e2b6fb5bb2dad8629944e03dc8d7635f5c225 redhat/7.3/updates-testing/i386/xine-0.9.8-4.2.legacy.i386.rpm
465a4ea2a12017a0cee76883e9263ece27c31a6d redhat/7.3/updates-testing/i386/xine-devel-0.9.8-4.2.legacy.i386.rpm
7336c58504919c05a6ccd5caac1c4a41bb7b7c12 redhat/7.3/updates-testing/SRPMS/xine-0.9.8-4.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
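
The symlink issue described under Update Information (CVE-2004-0372), shown as the general weak pattern beside a hardened one. This is an added example, not code from the advisory or from xine. It assumes the report is staged in a file under a shared directory, and the function names and the file name bugreport.txt are hypothetical.

```shell
#!/bin/sh
# Added example; all names and sample data are constructed for illustration.

# Weak pattern: a fixed, guessable file name in a shared directory.
# The shell's ">" redirection follows a symlink already present at that
# path, so the data lands in whatever file the link points to.
write_report_unsafe() {
    dir=$1; body=$2
    report="$dir/bugreport.txt"            # hypothetical predictable name
    printf '%s\n' "$body" > "$report"
    printf '%s\n' "$report"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively with mode 0600, so a pre-existing symlink is never opened.
write_report_safe() {
    dir=$1; body=$2
    report=$(mktemp "$dir/bugreport.XXXXXXXXXX") || return 1
    printf '%s\n' "$body" > "$report"
    printf '%s\n' "$report"
}

# Constructed demonstration inside a private sandbox directory: a symlink
# sits at the predictable path and points at a file the caller can write.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/bugreport.txt"

    write_report_safe "$sandbox" "report text" > /dev/null
    after_safe=$(cat "$sandbox/victim")

    write_report_unsafe "$sandbox" "report text" > /dev/null
    after_unsafe=$(cat "$sandbox/victim")

    rm -rf "$sandbox"
    printf 'after safe writer: %s; after unsafe writer: %s\n' \
        "$after_safe" "$after_unsafe"
}

demo
```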