CVE-2008-5244
Published: 25 November 2008
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
Notes
Author | Note |
---|---|
mdeslaur | Same AAC issue as the first part of CVE-2008-4610 looks like debian fixed this by building xine-lib with the system faad, which is in universe for us... Tester is lol-vlc.aac. Doesn't crash intrepid. xine 1.1.15 updated built-in libfaad to get rid of crashers Not sure what to do for older versions... |
Priority
Status
Package | Release | Status |
---|---|---|
faad2 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Not vulnerable
(2.6.1)
|
|
xine-lib Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.1+ubuntu2-7.10)
|
gutsy |
Released
(1.1.7-1ubuntu1.4)
|
|
hardy |
Released
(1.1.11.1-1ubuntu3.2)
|
|
intrepid |
Not vulnerable
(1.1.15)
|
|
jaunty |
Not vulnerable
(1.1.15)
|
|
karmic |
Not vulnerable
(1.1.15)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=18c0264660b951b8e5672f1a66d1bcecdfeb6ea8;style=gitweb upstream: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=434756e85c83322e948d2e2b9fa774c448147df0;style=gitweb |