A fairly vague report  indicates that xine-lib < 1.1.19 suffers from a memory corruption flaw because it would free a variable without first initializing it, leading to possible arbitrary code execution.
I have been unable to find any further information beyond a Gentoo bug report ; no CVE name or patch.
Fedora currently provides xine-lib 1.1.19, but EPEL5 and EPEL6 both provide older versions.
Created xine-lib tracking bugs for this issue
Affects: epel-5 [bug 720499]
Affects: epel-6 [bug 720500]
xine-lib-1.1.21-10.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
xine-lib-1.1.21-10.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.