Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734
Summary: CVE-2007-1246: xine-lib buffer overflow
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: xine-lib
AssignedTo: gauret@free.fr
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com,ville.skytta@iki.fi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246
Originally reported against MPlayer, but it turns out xine-lib is vulnerable too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still at 1.1.2, probably already lacking "several bug and security fixes" as put by upstream in the 1.1.3 release announcement. No FC5 system here to test with, so leaving up to Aurelien to decide whether to update while at it or just to possibly apply the patch for this issue from FC6+ (if it applies, unchecked).
------- Additional Comments From ville.skytta@iki.fi 2007-03-10 17:29 EST -------
Created an attachment (id=149781)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=vie...)
Fix from upstream CVS
Summary: CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows
ville.skytta@iki.fi changed:
What    |Removed                                 |Added
----------------------------------------------------------------------------
Summary |CVE-2007-1246: xine-lib buffer overflow |CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows
------- Additional Comments From ville.skytta@iki.fi 2007-03-14 10:35 EST -------
Patch in comment 1 fixes CVE-2007-1387 too.
Summary: CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows
bugzilla@redhat.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Severity |normal  |medium
Priority |normal  |medium
gauret@free.fr changed:
What             |Removed |Added
----------------------------------------------------------------------------
Status           |NEW     |CLOSED
Resolution       |        |CURRENTRELEASE
Fixed In Version |        |1.1.7