[Bug 231734] New: CVE-2007-1246: xine-lib buffer overflow

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734 Summary: CVE-2007-1246: xine-lib buffer overflow Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: xine-lib AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list@redhat.com,ville.skytta(a)iki.fi http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246 Originally reported against MPlayer, but it turns out xine-lib is vulnerable too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still at 1.1.2, probably already lacking "several bug and security fixes" as put by upstream in the 1.1.3 release announcement. No FC5 system here to test with, so leaving up to Aurelien to decide whether to update while at it or just to possibly apply the patch for this issue from FC6+ (if it applies, unchecked). ------- Additional Comments From ville.skytta(a)iki.fi 2007-03-10 17:29 EST ------- Created an attachment (id=149781) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=...) Fix from upstream CVS -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.