Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-5244

Published: 25 November 2008

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.

Notes

AuthorNote
mdeslaur
Same AAC issue as the first part of CVE-2008-4610
looks like debian fixed this by building xine-lib with the system
faad, which is in universe for us...
Tester is lol-vlc.aac. Doesn't crash intrepid.
xine 1.1.15 updated built-in libfaad to get rid of crashers
Not sure what to do for older versions...

Priority

Low

Status

Package Release Status
faad2
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needed)
hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

upstream Not vulnerable
(2.6.1)
xine-lib
Launchpad, Ubuntu, Debian
dapper
Released (1.1.1+ubuntu2-7.10)
gutsy
Released (1.1.7-1ubuntu1.4)
hardy
Released (1.1.11.1-1ubuntu3.2)
intrepid Not vulnerable
(1.1.15)
jaunty Not vulnerable
(1.1.15)
karmic Not vulnerable
(1.1.15)
upstream Needs triage

Patches:
upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b951b8e5672f1a66d1bcecdfeb6ea8;style=gitweb
upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=434756e85c83322e948d2e2b9fa774c448147df0;style=gitweb