oss-sec mailing list archives
Re: xine-lib and ocert-2008-008
From: Nico Golde <oss-security+ml () ngolde de>
Date: Fri, 28 Nov 2008 23:45:36 +0100
Hi, * Steven M. Christey <coley () linus mitre org> [2008-11-26 09:27]:
On Sat, 22 Nov 2008, Thomas Viehmann wrote:
[...]
====================================================== Name: CVE-2008-5244 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244 Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=619869 Reference: SECTRACK:1020703 Reference: URL:http://securitytracker.com/id?1020703 Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
Anyone having details for this one? I can't find any fix related to this in id3.c/h and the only faad change I saw is http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b9;style=gitweb which talks about aac files. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- xine-lib and ocert-2008-008 Thomas Viehmann (Nov 22)
- Re: xine-lib and ocert-2008-008 Matthias Hopf (Nov 24)
- Re: Bug#498243: xine-lib and ocert-2008-008 Darren Salt (Nov 26)
- Re: xine-lib and ocert-2008-008 Steven M. Christey (Nov 25)
- Re: xine-lib and ocert-2008-008 Andrea Barisani (Nov 26)
- Re: xine-lib and ocert-2008-008 Nico Golde (Nov 28)
- Re: xine-lib and ocert-2008-008 Nico Golde (Nov 28)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Nico Golde (Dec 03)
- Re: xine-lib and ocert-2008-008 Matthias Hopf (Nov 24)