https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734

Summary: CVE-2007-1246: xine-lib buffer overflow
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: xine-lib
AssignedTo: gauret@xxxxxxx
ReportedBy: ville.skytta@xxxxxx
QAContact: extras-qa@xxxxxxxxxxxxxxxxx
CC: fedora-security-list@xxxxxxxxxx,ville.skytta@xxxxxx

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246

Originally reported against MPlayer, but it turns out xine-lib is vulnerable too.

Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still at 1.1.2, probably already lacking "several bug and security fixes" as put by upstream in the 1.1.3 release announcement.

No FC5 system here to test with, so leaving up to Aurelien to decide whether to update while at it or just to possibly apply the patch for this issue from FC6+ (if it applies, unchecked).

------- Additional Comments From ville.skytta@xxxxxx 2007-03-10 17:29 EST -------
Created an attachment (id=149781)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=view)
Fix from upstream CVS