Ubuntu
xine-lib package

Please sync xine-lib (main) from Debian unstable (main)

Bug #181949 reported by Reinhard Tartler
4
Affects Status Importance Assigned to Milestone
xine-lib (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/xine-lib
 status confirmed
 subscribe ubuntu-archive

Please sync xine-lib (main) from Debian unstable (main).

Explanation of the Ubuntu delta and why it can be dropped:
ubuntu upload was a prerelease of that package

Changelog since current hardy version 1.1.9-0ubuntu1:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Debian Powered!

iD8DBQFHhyG/mAg1RJRTSKQRArL4AJ4w38D3xT+S1Evv7F2v3rn/wE8m+wCfQhMu
9sWBxoa4Vry31gEIPUSAhP8=
=YVjv
-----END PGP SIGNATURE-----

Tags: sync

CVE References

Revision history for this message
Martin Pitt (pitti) wrote :

not yet on the Debian mirrors

Revision history for this message
Steve Langasek (vorlon) wrote :

 * command was 'dpkg-source -sn -x /home/lp_archive/syncs/xine-lib_1.1.9-1.dsc'
 [dpkg-source output:] dpkg-source: error: file xine-lib_1.1.9.orig.tar.gz has size 9125380 instead of expected 9047018
E: 'dpkg-source -x' failed for /home/lp_archive/syncs/xine-lib_1.1.9-1.dsc [return code: 6400].

Package cannot by synced until the upstream version number changes.

Revision history for this message
Reinhard Tartler (siretart) wrote :

1.1.10-1 has been uploaded to debian now. Please sync that version instead, then.

sorry for the inconvinence.

Revision history for this message
Wouter Stomp (wouterstomp-deactivatedaccount) wrote :

Debian changelog:

 xine-lib (1.1.10-1) unstable; urgency=high

   * New upstream release (Closes: #459836)...
   * ... fixing some security bugs:
     - CVE-2008-0225: Heap-based buffer overflow in rmff_dump_cont function
       which allows remote attacker to execute arbitrary code via a crafted
       SDP Abstract attribute (Closes: #460551).
       This also acks 1.1.8-3+lenny1 (NMU by the security team).
     - Related to CVE-2006-1664: Buffer overflow which allows a remote
       attacker to execute arbitrary code or crash the client program via a
       crafted ASF header.
   * ... and fixing some other bugs, including:
     - Disappearing audio. (Closes: #461970)

   [ Darren Salt ]
   * Build-depend on gs-gpl | gs. Avoids FTBFS where recommended packages
     aren't automatically installed.
   * Put libxine1-doc in section libdevel.
   * Move libxine1-doc | libxine-doc to Suggests: in libxine1. (Closes: #458103)
   * Add postinst scripts to ensure that the documentation symlinks are
     properly created. (This is really dpkg bugginess.) (Closes: #458865)
   * Standards version 3.7.3; no changes needed.

   [ Reinhard Tartler ]
   * Actually install xineplug_decode_w32dll.so and xineplug_decode_qt.so
     on i386. debian/rules accidentally used $< where it should have been
     $^. Thanks to Gert Kulyk for reporting! LP: #182400
   * Fix XS-Hg-VCS headers in debian/control LP: #183886

 -- Darren Salt <email address hidden> Sat, 26 Jan 2008 22:16:28 +0000

Revision history for this message
Martin Pitt (pitti) wrote : Synced

Package(s) synced.

Changed in xine-lib:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.