Red Hat Bugzilla – Bug 492474
regression in xine-lib 220.127.116.11
Last modified: 2009-03-27 13:55:13 EDT
Created attachment 336912 [details]
An Ubuntu update for xine-lib was recently released due to a regression in the fix for CVE-2009-0698 where it would prevent certain files from playing properly. We currently have xine-lib 18.104.22.168 in Fedora (9, 10, rawhide) which has this CVE fixed upstream.
The test.mpg file (attached) does not play with our gxine player, but it does play fine with mplayer. The linked URL is to Ubuntu's bug report on this, and the advisory URL is: http://www.ubuntu.com/usn/USN-746-1
A source archive that is listed in the advisory is: http://security.ubuntu.com/ubuntu/pool/main/x/xine-lib/xine-lib_1.1.15-0ubuntu3.2.diff.gz
fyi, fedora's xine-lib doesn't include support for encumbered formats, like mpeg... but I'll take a look.
Hrm, upstream report claims fixed in 22.214.171.124,
Guess I'll have to try the sample (along with xine-lib-extras-freeworld)
Hmmm... I maybe have some extra bits installed, but when I ran gxine on the test.mpeg, it opened, and nothing in the output indicated an unrecognized or unknown file type. I did install mplayer from rpmfusion just to verify that mplayer worked with it (as noted in the Ubuntu advisory), so other non-free bits came in as a result, but that was after trying with gxine.
This could be a false alarm, I'm not sure, but it came across my radar so I figured I'd bring it up.
Using xine and kaffine, with xine-lib-extras-freeworld installed, test.mpg plays fine here.