Stefan Fritsch wrote: > Package: libxine1 > Version: 1.1.1-1 > Severity: grave > Tags: security > Justification: user security hole > > > > According to CVE-2006-1664, there is a "buffer overflow in > xine_list_delete_current in libxine 1.14 and earlier, as distributed > in xine-lib 1.1.1 and earlier, allows remote attackers to execute > arbitrary code via a crafted MPEG stream."
Are you able to reproduce this? If so, we need your help as I can't since xine pretends not to know about the file format of the created egg file. However, I was using xine instead of gxine since the latter is not available in Debian. Maybe some non-free decoders are required? In that case, Debian is not vulnerable per definition since they aren't shipped by Debian. Regards, Joey -- Experience is something you don't get until just after you need it. Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]