Package: xine-lib
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xine-lib.

CVE-2009-0698[0]:
| Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib
| 1.1.16.1 allows remote attackers to cause a denial of service (crash)
| and possibly execute arbitrary code via a 4X movie file with a large
| current_track value, a similar issue to CVE-2009-0385.

The upstream bug is here[1]. I guess this should be fixed in stable as
well, do you concur? Also it would be nice to get a security round for
oldstable-security, as there are quite a few open xine-lib issues.
Do you concur?

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0698
    http://security-tracker.debian.net/tracker/CVE-2009-0698
[1] http://bugs.xine-project.org/show_bug.cgi?id=205
[2] http://security-tracker.debian.net/tracker/status/release/oldstable


