Red Hat Bugzilla – Bug 720499
xine-lib: memory corruption vulnerability fixed in 1.1.19 [epel-5]
Last modified: 2014-09-18 19:50:26 EDT
epel-5 tracking bug for xine-lib: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Any chance in upgrading EPEL 5 & 6 to the version shipped in Fedora?
Syncing with f19's xine-lib-1.1.21 probably would be the most viable option, even if it would break plugin ABI.
I just took a look at the package and it looks... complicated. Not sure I'd be able to help much. Any idea when you'll be able to rebuild these packages?
Yeah, I looked at it a bit over vacation last week, and it'll be a bit of work... not to mention that the .spec dropped support for old rpm constructs that any el5 build would need anyway awhile back.
Anyway, I'd say a timeframe of another 7-10 days (at most hopefully), would be a fair eta. So, I'll target having this sorted out by next weekend.
xine-lib-1.1.21-10.el5 has been submitted as an update for Fedora EPEL 5.
* should fix your issue,
* was pushed to the Fedora EPEL 5 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing xine-lib-1.1.21-10.el5'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
xine-lib-1.1.21-10.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.