CVE-2008-5244

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
faad2	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life
xine-lib	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 1.1.11.1-1ubuntu3.2
	7.10 gutsy	Fixed 1.1.7-1ubuntu1.4
	6.06 LTS dapper	Fixed 1.1.1+ubuntu2-7.10

Notes

mdeslaur

Same AAC issue as the first part of CVE-2008-4610 looks like debian fixed this by building xine-lib with the system faad, which is in universe for us... Tester is lol-vlc.aac. Doesn't crash intrepid. xine 1.1.15 updated built-in libfaad to get rid of crashers Not sure what to do for older versions...

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
xine-lib	Upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b951b8e5672f1a66d1bcecdfeb6ea8;style=gitweb Upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=434756e85c83322e948d2e2b9fa774c448147df0;style=gitweb

References

Related Ubuntu Security Notices (USN)

USN-710-1
xine-lib vulnerabilities
26 January 2009

Status

Notes

Patch details

References

Related Ubuntu Security Notices (USN)

Other references