SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A day or two ago I upgraded xine-lib with the xine-lib-1.1.11-i686-1_slack12.0.tgz security update with md5sum 04dfd67cfc12258f05b2e01612494572
Today I received another notification that a security update for this was available. The file name is the same but md5sum c883b1ebae2955f6d8f289e9e80cf7b2
What is going on here? The slackware.com website still shows the old md5sum, but it has indeed been changed on ftp.slackware.com.
If you received an update, I would imagine that there would also be an explanation of the second version of that file.
From today's changelog:
Quote:
Tue Apr 1 02:41:32 CDT 2008
...
xap/xine-lib-1.1.11.1-i686-1.tgz: Earlier versions of xine-lib suffer from an
integer overflow which may lead to a buffer overflow that could potentially
be used to gain unauthorized access to the machine if a malicious media
file is played back. File types affected this time include .flv, .mov, .rm,
.mve, .mkv, and .cak.
For more information on this security issue, please see: http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-1482
(* Security fix *)
...
Normally, I wouldn't be confused, but this update was just put out a day or two ago
Code:
Mon Mar 31 23:33:58 CDT 2008
xap/xine-lib-1.1.11.1-i686-1_slack12.0.tgz:
Upgraded to xine-lib-1.1.11.1.
Earlier versions of xine-lib suffer from an integer overflow which may lead
to a buffer overflow that could potentially be used to gain unauthorized
access to the machine if a malicious media file is played back. File types
affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak.
For more information on this security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
(* Security fix *)
+--------------------------+
Sat Mar 29 03:09:17 CDT 2008
.
.
.
patches/packages/xine-lib-1.1.11-i686-1_slack12.0.tgz:
Earlier versions of xine-lib suffer from an array index bug that
may have security implications if a malicious RTSP stream is
played. Playback of other media formats is not affected.
If you use RTSP, you should probably upgrade xine-lib.
For more information on the security issue, please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
(* Security fix *)
I guess what I don't understand is why wasn't there a note that it was updated again (to avoid confusion) or why didn't the build number at least change.
I suppose the build number didn't change because the build script might be exactly the same. But then the source should be different so you would think the version number would be different.
Ahh, the security advisory just got updated on slackware.com. All is well
Darn it, I forgot it was April fools' day. I guess it's too late to get out the Whoopee cushion. (And yes, the version number is slightly different, with an extra .1)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.