This release contains some security fixes, notably a DoS via
corrupted Ogg files (CVS-2008-3231), some related fixes, and
fixes for a few possible buffer overflows.
ok jakemsr@
This release contains a security fix (buffer overflow in the NSF demuxer,
CVE-2008-1878). There are also a few bug fixes, and a new JACK output
plugin.
ok jakemsr@
This release contains a security fix (unchecked array index,
CVE-2008-1686). There are also a few bug fixes, and open-source
support for RealAudio "cook". For front-end package maintainers,
there's a tool to help maintain MIME type lists, and for developers
who need raw frame data, you can now get that with the "raw" video
output plugin.
from brad@
* Security fixes:
- Integer overflows in FLV, Qt, Real, WC3Movie, Matroska and FILM
demuxers, allowing remote attackers to trigger heap overflows and
possibly execute arbitrary code. (CVE-2008-1482)
* Added a few more memory allocation checks to the above demuxers.
* WAV file playback fix: don't assume that the first chunk is "fmt ".
* Don't try to play partial 24-bit AIFF frames (decoder would lose data).
* Fixed AIFF comment chunk handling and sample rate reading.
* LPCM fixes: input over-reading, conversion of 24-bit samples.
from brad@
security - fix stack overflow in FLAC tag parser
-fix RealPlayer codec detection bug
- improve id3v2 tag parser
from brad@
while here, fix a couple "missing sentinel" issues
SECURITY- fixx buffer overflow which allows a remote attacker to
execute arbitrary code or crash the client program via a crafted ASF
header
from brad, thanks
- use some CONFIGURE_ENV instead of patching
- rearrange/update CONFIGURE_ARGS
- many patches no longer relevant
- add CD audio support
input, tetsing and prodding from brad@
* Security fixes:
- CVE-2006-2802: possible buffer overflow in the HTTP plugin.
- possible buffer overflow via bad indexes in specially-crafted AVI files
* Fix a potential crash with fixed-size lacing in the Matroska demuxer
* Enable AMD64 mmx/sse support in some plugins (tvtime, libmpeg2, goom...)
* Fix xxmc subpictures (broken since 1.1.1)
* Add support for RealPlayer 10 codecs
WANTLIB tweak from bernd@
testing by steven@ and bernd@
xine is a free multimedia player. It plays back CDs, DVDs, and VCDs. It
also decodes multimedia files like AVI, MOV, WMV, and MP3 from local
disk drives, and displays multimedia streamed over the Internet. It
interprets many of the most common multimedia formats available - and
some of the most uncommon formats, too.
prodded by jolan@ and bernd@
