Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0225 to the following vulnerability: Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. References: http://aluigi.altervista.org/adv/xinermffhof-adv.txt http://secunia.com/advisories/28384
This issue was addressed in upstream version 1.1.9.1: http://sourceforge.net/project/shownotes.php?release_id=567872&group_id=9655 Updates to F7 and F8 are pending approval.
Note that I submitted the F7 update "only" to testing, because I do not have a F7 box to test with and it's an update from 1.1.7 to 1.1.9.1. The F8 update works fine for me and I requested it to be pushed straight to the non-testing updates repo. BTW, could the script (?) you guys use to add security bugzilla entries be modified so that it auto-Cc's co-maintainers as well as the primary package owner? Is the script (?) publically available somewhere?
(In reply to comment #2) > The F8 update works fine for me and I requested it to be pushed straight to > the non-testing updates repo. Can you please have a look at #428621 too? That's another xine-lib issue that got CVE id. However, reference point to the same Secunia advisory as this one, just wording seems to cover other exploitation vectors not originally described in reporter's mail. Looking into the patch referenced by 1.1.9.1 release notes, those additional vectors seem to be addressed to. But I would appreciate some ack from someone more familiar with xine-lib. > BTW, could the script (?) you guys use to add security bugzilla entries be > modified so that it auto-Cc's co-maintainers as well as the primary package > owner? Current CC list it based on package ownership as known to Bugzilla. Can you recommend any source from where co-maintainers list can be extracted in automated way? pkgdb list of co-maintainers, but I do not see any obvious way to turn that to list of Bugzilla emails/logins to CC the bug to. > Is the script (?) publically available somewhere? fedora-security repo should already contain it.
xine-lib-1.1.9.1-1.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update xine-lib'
xine-lib-1.1.9.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Fixed upstream version xine-lib-1.1.10-1 currently available in all stable Fedora versions, closing.