[Bug 290768] Re: C format string specifications mismatch in translations crashes libxine based apps in some locales

Martin Pitt martin.pitt at ubuntu.com
Thu Jan 29 09:33:23 UTC 2009


Thanks Loic for merging. Please test this version:

 xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low
 .
   * Merge 1.1.15-0ubuntu3.1.
 .
 xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
     - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
       invalid track type in Matroska files.
     - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
       overflow in the ffmpeg video decoder.
     - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
       in the ffmpeg audio decoder
     - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
       in the CDDA server.
     - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
       unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
     - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
       Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
     - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
       MNG and QT demuxers. (CVE-2008-5237)
     - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
       heap-based buffer overflows from unchecked or incompletely-checked read
       function results. (CVE-2008-5239)
     - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
       untrusted values. (CVE-2008-5240)
     - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
       compressed atom handling. (CVE-2008-5241)
     - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
       untrusted or unchecked values. (CVE-2008-5243)
 .
 xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low
 .
   * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
     broken translations; LP: #290768.


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5234

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5236

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5237

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5239

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5240

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5241

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5242

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5243

** Changed in: xine-lib (Ubuntu Intrepid)
       Status: Triaged => Fix Committed

-- 
C format string specifications mismatch in translations crashes libxine based apps in some locales
https://bugs.launchpad.net/bugs/290768
You received this bug notification because you are a member of Kubuntu
Bugs, which is a direct subscriber.



