http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246 Originally reported against MPlayer, but it turns out xine-lib is vulnerable too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still at 1.1.2, probably already lacking "several bug and security fixes" as put by upstream in the 1.1.3 release announcement. No FC5 system here to test with, so leaving up to Aurelien to decide whether to update while at it or just to possibly apply the patch for this issue from FC6+ (if it applies, unchecked).
Created attachment 149781 [details] Fix from upstream CVS
Patch in comment 1 fixes CVE-2007-1387 too.