FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363221
Date:      2014-07-28
Time:      18:38:13Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
06eac338-9ddf-11dd-813f-000e35248ad7libxine -- denial of service vulnerability

xine team reports:

A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related fixes, and fixes for a few possible buffer overflows.


Discovery 2008-07-13
Entry 2008-10-19
libxine
lt 1.1.15

CVE-2008-3231
http://www.xinehq.de/index.php/news
http://xforce.iss.net/xforce/xfdb/44040
48e14d86-42f1-11de-ad22-000e35248ad7libxine -- multiple vulnerabilities

xine developers report:

  • Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385)
  • Fix an integer overflow in the Quicktime demuxer.

Discovery 2009-04-04
Entry 2009-05-17
libxine
lt 1.1.16.3

CVE-2009-0385
CVE-2009-1274
http://trapkit.de/advisories/TKADV2009-004.txt
http://trapkit.de/advisories/TKADV2009-005.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
51d1d428-42f0-11de-ad22-000e35248ad7libxine -- multiple vulnerabilities

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports:

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report:

  • Fix broken size checks in various input plugins (ref. CVE-2008-5239).
  • More malloc checking (ref. CVE-2008-5240).

Discovery 2009-02-15
Entry 2009-05-17
libxine
lt 1.1.16.2

CVE-2009-0698
CVE-2008-5234
CVE-2008-5240
http://trapkit.de/advisories/TKADV2009-004.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
06eac338-9ddf-11dd-813f-000e35248ad7libxine -- denial of service vulnerability

xine team reports:

A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related fixes, and fixes for a few possible buffer overflows.


Discovery 2008-07-13
Entry 2008-10-19
libxine
lt 1.1.15

CVE-2008-3231
http://www.xinehq.de/index.php/news
http://xforce.iss.net/xforce/xfdb/44040
48e14d86-42f1-11de-ad22-000e35248ad7libxine -- multiple vulnerabilities

xine developers report:

  • Fix another possible int overflow in the 4XM demuxer. (ref. TKADV2009-004, CVE-2009-0385)
  • Fix an integer overflow in the Quicktime demuxer.

Discovery 2009-04-04
Entry 2009-05-17
libxine
lt 1.1.16.3

CVE-2009-0385
CVE-2009-1274
http://trapkit.de/advisories/TKADV2009-004.txt
http://trapkit.de/advisories/TKADV2009-005.txt
http://sourceforge.net/project/shownotes.php?release_id=660071
51d1d428-42f0-11de-ad22-000e35248ad7libxine -- multiple vulnerabilities

Multiple vulnerabilities were fixed in libxine 1.1.16.2.

Tobias Klein reports:

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

Note: A similar issue also affects xine-lib < version 1.1.16.2.

xine developers report:

  • Fix broken size checks in various input plugins (ref. CVE-2008-5239).
  • More malloc checking (ref. CVE-2008-5240).

Discovery 2009-02-15
Entry 2009-05-17
libxine
lt 1.1.16.2

CVE-2009-0698
CVE-2008-5234
CVE-2008-5240
http://trapkit.de/advisories/TKADV2009-004.txt
http://sourceforge.net/project/shownotes.php?release_id=660071