Stefan Fritsch wrote:
> Package: libxine1
> Version: 1.1.1-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
>
> According to CVE-2006-1664, there is a "buffer overflow in
> xine_list_delete_current in libxine 1.14 and earlier, as distributed
> in xine-lib 1.1.1 and earlier, allows remote attackers to execute
> arbitrary code via a crafted MPEG stream."
Are you able to reproduce this? If so, we need your help as I
can't since xine pretends not to know about the file format of the
created egg file. However, I was using xine instead of gxine since
the latter is not available in Debian. Maybe some non-free
decoders are required? In that case, Debian is not vulnerable
per definition since they aren't shipped by Debian.
Regards,
Joey
--
Experience is something you don't get until just after you need it.
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
