Subject: CVS commit: pkgsrc/multimedia/xine-ui
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 02/17/2007 22:48:18
Module Name: pkgsrc
Committed By: salo
Date: Sat Feb 17 22:48:18 UTC 2007
Modified Files:
pkgsrc/multimedia/xine-ui: Makefile distinfo
pkgsrc/multimedia/xine-ui/patches: patch-ai patch-aq
Added Files:
pkgsrc/multimedia/xine-ui/patches: patch-au patch-av patch-aw patch-ax
patch-ay patch-az patch-ba patch-bb patch-bc
Log Message:
Security fixes for CVE-2007-0254 (and more):
"A vulnerability has been reported in xine-ui, which potentially can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a format string error within the
"errors_create_window()" function in errors.c. This may be exploited to
execute arbitrary code by e.g. tricking a user into opening a specially
crafted playlist file."
Patch from SUSE.
Bump PKGREVISION.
XXX: The sources are a real mess. My condolences to everyone using it.
And good luck, you'll need it!..
To generate a diff of this commit:
cvs rdiff -r1.33 -r1.34 pkgsrc/multimedia/xine-ui/Makefile
cvs rdiff -r1.13 -r1.14 pkgsrc/multimedia/xine-ui/distinfo
cvs rdiff -r1.1 -r1.2 pkgsrc/multimedia/xine-ui/patches/patch-ai \
pkgsrc/multimedia/xine-ui/patches/patch-aq
cvs rdiff -r0 -r1.1 pkgsrc/multimedia/xine-ui/patches/patch-au \
pkgsrc/multimedia/xine-ui/patches/patch-av \
pkgsrc/multimedia/xine-ui/patches/patch-aw \
pkgsrc/multimedia/xine-ui/patches/patch-ax \
pkgsrc/multimedia/xine-ui/patches/patch-ay \
pkgsrc/multimedia/xine-ui/patches/patch-az \
pkgsrc/multimedia/xine-ui/patches/patch-ba \
pkgsrc/multimedia/xine-ui/patches/patch-bb \
pkgsrc/multimedia/xine-ui/patches/patch-bc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.