[ubuntu/intrepid-proposed] xine-lib 1.1.15-0ubuntu3.1intrepid1 (Accepted)

Loic Minier lool at dooz.org
Thu Jan 29 09:33:28 GMT 2009 

xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low

  * Merge 1.1.15-0ubuntu3.1.

xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low

  * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
    - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
      invalid track type in Matroska files.
    - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
      overflow in the ffmpeg video decoder.
    - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
      in the ffmpeg audio decoder
    - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
      in the the CDDA server.
    - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
      unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
    - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
      Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
    - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
      MNG and QT demuxers. (CVE-2008-5237)
    - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
      heap-based buffer overflows from unchecked or incompletely-checked read
      function results. (CVE-2008-5239)
    - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
      untrusted values. (CVE-2008-5240)
    - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
      compressed atom handling. (CVE-2008-5241)
    - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
      untrusted or unchecked values. (CVE-2008-5243)

xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low

  * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
    broken translations; LP: #290768.

Date: Tue, 27 Jan 2009 14:35:33 +0100
Changed-By: Loic Minier <lool at dooz.org>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Loïc Minier <lool at dooz.org>
https://edge.launchpad.net/ubuntu/intrepid/+source/xine-lib/1.1.15-0ubuntu3.1intrepid1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 27 Jan 2009 14:35:33 +0100
Source: xine-lib
Binary: libxine1-doc libxine1 libxine1-bin libxine-dev libxine1-ffmpeg libxine1-gnome libxine1-console libxine1-x libxine1-misc-plugins libxine1-dbg libxine1-plugins libxine1-all-plugins
Architecture: source
Version: 1.1.15-0ubuntu3.1intrepid1
Distribution: intrepid-proposed
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Loic Minier <lool at dooz.org>
Description: 
 libxine-dev - the xine video player library, development packages
 libxine1   - the xine video/media player library, meta-package
 libxine1-all-plugins - the xine video/media player library, meta package
 libxine1-bin - the xine video/media player library, binary files
 libxine1-console - libaa/libcaca/framebuffer/directfb related plugins for libxine1
 libxine1-dbg - debug symbols for libxine1
 libxine1-doc - the xine video player library, documentation files
 libxine1-ffmpeg - MPEG-related plugins for libxine1
 libxine1-gnome - GNOME-related plugins for libxine1
 libxine1-misc-plugins - Input, audio output and post plugins for libxine1
 libxine1-plugins - the xine video/media player library, meta package
 libxine1-x - X desktop video output plugins for libxine1
Launchpad-Bugs-Fixed: 290768
Changes: 
 xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low
 .
   * Merge 1.1.15-0ubuntu3.1.
 .
 xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
     - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
       invalid track type in Matroska files.
     - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
       overflow in the ffmpeg video decoder.
     - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
       in the ffmpeg audio decoder
     - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
       in the the CDDA server.
     - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
       unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
     - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
       Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
     - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
       MNG and QT demuxers. (CVE-2008-5237)
     - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
       heap-based buffer overflows from unchecked or incompletely-checked read
       function results. (CVE-2008-5239)
     - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
       untrusted values. (CVE-2008-5240)
     - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
       compressed atom handling. (CVE-2008-5241)
     - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
       untrusted or unchecked values. (CVE-2008-5243)
 .
 xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low
 .
   * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
     broken translations; LP: #290768.
Checksums-Sha1: 
 21e3c76e370ab5ee5c008637b3c11d609ea4ee9c 2371 xine-lib_1.1.15-0ubuntu3.1intrepid1.dsc
 0bc00dafb5f3ed543a62be680f56dda8deb61dff 9102819 xine-lib_1.1.15.orig.tar.gz
 d491c24390d0ab39c2449ee0d650e870263a4716 40012 xine-lib_1.1.15-0ubuntu3.1intrepid1.diff.gz
Checksums-Sha256: 
 27885bafa78a095ebc2d58df220f30dabc344b6ff836ac154fd00b35db585938 2371 xine-lib_1.1.15-0ubuntu3.1intrepid1.dsc
 e0368172176b11ba4766b9a6e301891bc87b69bcbfecad7a0497a1db3327fd4f 9102819 xine-lib_1.1.15.orig.tar.gz
 e0a26426fd6cc30ef644525502861d434a6cb568ebfdf2f5a30d2fcc98a14851 40012 xine-lib_1.1.15-0ubuntu3.1intrepid1.diff.gz
Files: 
 35947fd59337bbab64ad9f61035bc4c4 2371 libs optional xine-lib_1.1.15-0ubuntu3.1intrepid1.dsc
 a270252e1a1342e83d1596e2d42a7282 9102819 libs optional xine-lib_1.1.15.orig.tar.gz
 8d2f5c892f432ac904a1463e647f1527 40012 libs optional xine-lib_1.1.15-0ubuntu3.1intrepid1.diff.gz
Original-Maintainer: Reinhard Tartler <siretart at tauware.de>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmBda4ACgkQ4VUX8isJIMAahwCfTR5h5b8pqKHldxkksLtuf3r5
BWsAn2D9BwlZEZ8zFu12S+7c6SsLa1zb
=N1uu
-----END PGP SIGNATURE-----

More information about the Intrepid-changes mailing list