Red Hat Bugzilla – Bug 720499
xine-lib: memory corruption vulnerability fixed in 1.1.19 [epel-5]
Last modified: 2014-09-18 19:50:26 EDT
epel-5 tracking bug for xine-lib: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the 'blocks' bugs. [bug automatically created by: add-tracking-bugs]
Any chance in upgrading EPEL 5 & 6 to the version shipped in Fedora?
Syncing with f19's xine-lib-1.1.21 probably would be the most viable option, even if it would break plugin ABI.
I just took a look at the package and it looks... complicated. Not sure I'd be able to help much. Any idea when you'll be able to rebuild these packages?
Yeah, I looked at it a bit over vacation last week, and it'll be a bit of work... not to mention that the .spec dropped support for old rpm constructs that any el5 build would need anyway awhile back. Anyway, I'd say a timeframe of another 7-10 days (at most hopefully), would be a fair eta. So, I'll target having this sorted out by next weekend.
xine-lib-1.1.21-10.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/xine-lib-1.1.21-10.el5
Package xine-lib-1.1.21-10.el5: * should fix your issue, * was pushed to the Fedora EPEL 5 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing xine-lib-1.1.21-10.el5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2304/xine-lib-1.1.21-10.el5 then log in and leave karma (feedback).
xine-lib-1.1.21-10.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.