Subject: PR/35375 CVS commit: [pkgsrc-2006Q4] pkgsrc/multimedia/xine-ui
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-bugs
Date: 03/05/2007 12:15:05
The following reply was made to PR pkg/35375; it has been noted by GNATS.

From: Geert Hendrickx <ghen@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: PR/35375 CVS commit: [pkgsrc-2006Q4] pkgsrc/multimedia/xine-ui
Date: Mon,  5 Mar 2007 12:11:43 +0000 (UTC)

 Module Name:	pkgsrc
 Committed By:	ghen
 Date:		Mon Mar  5 12:11:43 UTC 2007
 
 Modified Files:
 	pkgsrc/multimedia/xine-ui [pkgsrc-2006Q4]: Makefile distinfo
 	pkgsrc/multimedia/xine-ui/patches [pkgsrc-2006Q4]: patch-ai patch-aq
 	    patch-ar
 Added Files:
 	pkgsrc/multimedia/xine-ui/patches [pkgsrc-2006Q4]: patch-as patch-au
 	    patch-av patch-aw patch-ax patch-ay patch-az patch-ba patch-bb
 	    patch-bc
 
 Log Message:
 Pullup ticket 2026 - requested by salo
 security update for xine-ui
 
 - pkgsrc/multimedia/xine-ui/Makefile			1.30, 1.34 via patch
 - pkgsrc/multimedia/xine-ui/distinfo			1.12, 1.14 via patch
 - pkgsrc/multimedia/xine-ui/patches/patch-ai		1.2
 - pkgsrc/multimedia/xine-ui/patches/patch-aq		1.2
 - pkgsrc/multimedia/xine-ui/patches/patch-ar		1.2
 - pkgsrc/multimedia/xine-ui/patches/patch-as		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-au		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-av		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-aw		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-ax		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-ay		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-az		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-ba		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-bb		1.1
 - pkgsrc/multimedia/xine-ui/patches/patch-bc		1.1
 
    Module Name:	pkgsrc
    Committed By:	drochner
    Date:		Tue Jan  9 14:52:41 UTC 2007
 
    Modified Files:
 	   pkgsrc/multimedia/xine-ui: Makefile distinfo
 	   pkgsrc/multimedia/xine-ui/patches: patch-ar
    Added Files:
 	   pkgsrc/multimedia/xine-ui/patches: patch-as
 
    Log Message:
    fix PR pkg/35375: xine-ui freezes konsole sessions from
    Sergey Svishchev, patch from xine CVS
 ---
    Module Name:	pkgsrc
    Committed By:	salo
    Date:		Sat Feb 17 22:48:18 UTC 2007
 
    Modified Files:
 	   pkgsrc/multimedia/xine-ui: Makefile distinfo
 	   pkgsrc/multimedia/xine-ui/patches: patch-ai patch-aq
    Added Files:
 	   pkgsrc/multimedia/xine-ui/patches: patch-au patch-av patch-aw patch-ax
 	       patch-ay patch-az patch-ba patch-bb patch-bc
 
    Log Message:
    Security fixes for CVE-2007-0254 (and more):
 
    "A vulnerability has been reported in xine-ui, which potentially can be
     exploited by malicious people to compromise a user's system.
 
     The vulnerability is caused due to a format string error within the
     "errors_create_window()" function in errors.c. This may be exploited to
     execute arbitrary code by e.g. tricking a user into opening a specially
     crafted playlist file."
 
    Patch from SUSE.
    Bump PKGREVISION.
 
    XXX: The sources are a real mess.  My condolences to everyone using it.
         And good luck, you'll need it!..
 
 
 To generate a diff of this commit:
 cvs rdiff -r1.28 -r1.28.2.1 pkgsrc/multimedia/xine-ui/Makefile
 cvs rdiff -r1.11 -r1.11.6.1 pkgsrc/multimedia/xine-ui/distinfo
 cvs rdiff -r1.1 -r1.1.22.1 pkgsrc/multimedia/xine-ui/patches/patch-ai
 cvs rdiff -r1.1 -r1.1.8.1 pkgsrc/multimedia/xine-ui/patches/patch-aq \
     pkgsrc/multimedia/xine-ui/patches/patch-ar
 cvs rdiff -r0 -r1.1.2.1 pkgsrc/multimedia/xine-ui/patches/patch-as \
     pkgsrc/multimedia/xine-ui/patches/patch-au \
     pkgsrc/multimedia/xine-ui/patches/patch-av \
     pkgsrc/multimedia/xine-ui/patches/patch-aw \
     pkgsrc/multimedia/xine-ui/patches/patch-ax \
     pkgsrc/multimedia/xine-ui/patches/patch-ay \
     pkgsrc/multimedia/xine-ui/patches/patch-az \
     pkgsrc/multimedia/xine-ui/patches/patch-ba \
     pkgsrc/multimedia/xine-ui/patches/patch-bb \
     pkgsrc/multimedia/xine-ui/patches/patch-bc
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.