Advisories ยป MGASA-2014-0071

Updated xbmc package fixes a security vulnerability

Publication date: 16 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-1438


Due to flaws in the embedded copy of libDCR, a fork of dcraw.c, in the
embedded copy of CxImage, opening a specially crafted photo file could
trigger a division by zero, an infinite loop, or a null pointer
dereference, resulting in a denial of service (CVE-2013-1438).

This update fixes those flaws.

XBMC is also updated to a newer bugfix-only release, version 12.3.
It contains fixes to various issues, including:
 - several PVR related bugs
 - memory leaks
 - audio channel mapping
 - possible crash on progress dialog
and more.

Additionally, this update fixes a compatibility issue on Mageia 4
affecting AC-3 transcoding, which prevented, for example, multichannel
playback of AAC 5.1 files over S/PDIF or stereo-only HDMI devices.

The PVR addons have also been updated.