Xine-Lib 1.1.11.1 Removes Vulnerabilities
The second update of the Xine-Lib video back-end within a month, closes down a number of integer overflows that were described in CVE-2008-1482.
Previously, attackers could craft a video file to take control of the player with user level privileges. Besides the security updates, the release sees the introduction of a number of minor improvements, including reworked memory management tests, a number of plausibility checks for playing WAV files, and improvements to individual decoders.
Debian has responded to the vulnerabilities by releasing new packages that also remove various previous issues. Red Hat classifies the bugs as "known"; we were unable to ascertain any tangible facts on OpenSUSE's handling of the vulnerabilities.