Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-5244

Publication date 25 November 2008

Last updated 24 July 2024


Ubuntu priority

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.

Read the notes from the security team

Status

Package Ubuntu Release Status
faad2 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life
xine-lib 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 1.1.11.1-1ubuntu3.2
7.10 gutsy
Fixed 1.1.7-1ubuntu1.4
6.06 LTS dapper
Fixed 1.1.1+ubuntu2-7.10

Notes


mdeslaur

Same AAC issue as the first part of CVE-2008-4610 looks like debian fixed this by building xine-lib with the system faad, which is in universe for us... Tester is lol-vlc.aac. Doesn't crash intrepid. xine 1.1.15 updated built-in libfaad to get rid of crashers Not sure what to do for older versions...