Projects / xine / Releases

All releases of xine

  •  04 Apr 2009 10:26
Avatar

    Release Notes: A possible integer overflow in the 4XM demuxer, reported as CVE-2009-0385, was resolved. An integer overflow in the Quicktime demuxer was fixed. A pause/resume freeze with pulseaudio was fixed. Support for a new MPEG2 decoder, libmpeg2new, was added. OpenBSD is now supported.

    •  15 Mar 2009 12:44
    Avatar

      Release Notes: Broken size checks were fixed in various input plugins, as reported in CVE-2008-5239. More malloc checking was added, as demanded by CVE-2008-5240. A possible integer overflow in the 4XM demuxer was fixed. Race conditions in gapless_switch were fixed. Several other fixes were made.

      •  12 Jan 2009 09:35
      Avatar

        Release Notes: Building with older ffmpeg versions was fixed. Broken playback of some H.264 files was fixed. A version check for the CACA library was added. Several other minor changes were made.

        •  11 Jan 2009 22:04
        Avatar

          Release Notes: Several security fixes were made. This solves a heap overflow in Quicktime atom parsing, multiple buffer overflows, multiple integer overflows, unchecked or incompletely checked read function results, unchecked malloc using untrusted values, buffer indexing using untrusted or unchecked values, integer overflows in the ffmpeg audio decoder and the CDDA server, and a heap buffer overflow in the ffmpeg video decoder. A segfault on invalid track type in Matroska files is avoided. Several further bugfixes were made. H.264 and AAC streams are now supported within FLV.

          •  15 Aug 2008 12:57
          Avatar

            Release Notes: Several security fixes have been made, such as for crashes with various corrupted media files, as reported in CVE-2008-3231. An exploitable ID3 heap buffer overflow has been fixed. Some checks for memory allocation failures have been added. A V4L segfault has been resolved. AMR audio and Snow video are now recognized. Xv deinterlacing image corruption on some chipsets has been solved. Crashes with MP3 files with metadata consisting only of separators have been fixed. An Xv port and type selection have been added. Content type detection for HTTP streams has been improved. Several DVB and V4L improvements and fixes have been made.

            •  15 Jun 2008 20:38
            Avatar

              Release Notes: A buffer overflow in the NSF demuxer, possibly allowing remote attackers to cause a denial of service (crash) or execute arbitrary code, was fixed. This vulnerability was reported as CVE-2008-1878. More usage of calloc() was deployed to provide extra safety against possible integer overflows as found in CVE-2008-1482. The JACK output plugin was improved. The display of some MJPEG streams (YUVJ420P) was fixed.

              •  17 Apr 2008 11:34
              Avatar

                Release Notes: An insufficient boundary check in the Speex audio decoder, as reported in CVE-2008-1686, was fixed. Two regressions in 1.1.11.1, breaking QuickTime container handling and the Matroska demuxer, were fixed. Various improvements were made to the Real codec. The PulseAudio driver was improved.

                •  31 Mar 2008 14:37
                Avatar

                  Release Notes: Several integer overflows were fixed in FLV, Qt, Real, WC3Movie, Matroska, and FILM demuxers. These overflows allowed remote attackers to trigger heap overflows and possibly execute arbitrary code (reported in CVE-2008-1482). Several other minor bugs were fixed.

                  •  20 Mar 2008 13:44
                  Avatar

                    Release Notes: An array indexing vulnerability in sdpplin_parse(), as reported in CVE-2008-0073, was fixed. Plugin version handling was improved. A breakage caused by an off-by-one in the FLAC security fix was solved. Support for 16-bit big-endian DTS audio was added. The frame snapshot API was improved. A long delay when closing stream on dual core systems was resolved.

                    •  11 Feb 2008 14:35
                    Avatar

                      Release Notes: A potential stack buffer overflow via crafted FLAC tags, as reported in CVE-2008-0486, was fixed. Detection of MP3 streams with ID3v2 tags was improved. A RealPlayer codec detection bug was fixed.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.