xine-lib may allow remote code execution!
in [Slackware]
|
Prev: [Security] xine-lib may allow remote code execution!
Next: Wifi on HP 6720s laptop Broadcom 4312 card Slackware 12.1current
From: Robby Workman on 20 Apr 2008 00:04 On 2008-04-18, Manuel Reimer <mreimer(a)expires-30-04-2008.news-group.org> wrote: > > xine-lib in the version included with Slackware seems to have a critical > hole which may allow remote code execution. Oh really? When did Slackware start shipping speex or libfishsound? http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686 The sky is not falling. Really. -RW
From: Damjan on 22 Apr 2008 09:36 >> maybe some codecs have issues with software patents, but software >> patents are not recognized in all jurisdictions. > > Thats probably why the MPlayer site has .hu as TLD. > > But Patrick Volkerding is quite eager to avoid any of these issues in > Slackware, no matter if its only a issue in the U.S of A. mp3 is also protected by patents as are xvid/divx and h.264 .. but they are all supported in the xine shiping with Slackware. -- damjan
From: Eef Hartman on 22 Apr 2008 09:56 Manuel Reimer <mreimer(a)expires-30-04-2008.news-group.org> wrote: > But if they at least release patches, then mplayer seems to be still > maintained and even with the long release time, there are only four They have ONCE released patches: all 4 mentioned in the news are from the end of januari (2 on the 30rd, 2 on the 29th). No news at all since then (or before, since the release of 1.0rc2). So probably they either didn't do much or they didn't get to back- porting the patches to the rc2 version. I _am_ assuming (didn't check) that the SVN version is still being worked at. -- ******************************************************************** ** Eef Hartman, Delft University of Technology, dept. EWI/TW ** ** e-mail: E.J.M.Hartman(a)math.tudelft.nl, fax: +31-15-278 7295 ** ** snail-mail: P.O. Box 5031, 2600 GA Delft, The Netherlands ** ********************************************************************
From: Dave Uhring on 22 Apr 2008 10:44 On Tue, 22 Apr 2008 15:56:51 +0200, Eef Hartman wrote: > I _am_ assuming (didn't check) that the SVN version is still being > worked at. I just updated my source tree. There have been about 125 updates since six days ago. Current mplayer SVN version is 26492.
From: Manuel Reimer on 23 Apr 2008 00:52
Eef Hartman wrote: > So probably they either didn't do much or they didn't get to back- > porting the patches to the rc2 version. There is no need to backport anything to an "old" version, if there has no security hole to be patched. CU Manuel |