*** This bug is a security vulnerability *** Public security bug reported:
References: MDVSA-2008:046 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:046) MDVSA-2008:046-1 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:046-1) Quoting MDVSA-2008:046: "An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity." Quoting MDVSA-2008:046-1: "[...] The previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch." ** Affects: xine-lib (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0486 -- [xine-lib] [CVE-2008-0486] possible buffer overflow in the FLAC audio demuxer https://bugs.launchpad.net/bugs/195700 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
