Comment 1 for bug 235904

Mantas Kriaučiūnas (mantas) wrote : Re: [CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer - please update xine-lib to 1.1.13

Please update xine-lib to 1.1.13 - this will solve several important bugs, like:
* [CVE-2008-1878] Inadequate bounds checking in the NES Sound Format (NSF) demuxer
* Ubuntu bug #93076 - important display bug with Motion JPEG videos (such videos are produced by most photo cameras)

I'm pasting important info from the xine-lib 1.1.13 Release Notes:

Maintenance & security-fix release.
Changes:
* Security fixes:
  - Buffer overflow in the NSF demuxer which may allow remote attackers to
    cause a denial of service (crash) or possibly execute arbitrary code
    via an NSF file with a long title or copyright message. (CVE-2008-1878)
  - For extra safety against possible Integer overflows like the ones found
    in CVE-2008-1482, backport more calloc usage from 1.2 branch.
* Added MIME types and .mpp for musepack.
* Fixed display of some MJPEG streams (YUVJ420P).
* Provide a useful implementation of xine_register_log_cb().
* New version of the JACK output plugin.

See http://sourceforge.net/project/shownotes.php?release_id=606977&group_id=9655 for full release notes
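
The class of bug named in the release notes (a long NSF title or copyright overflowing a buffer) can be illustrated with a bounded reader for those header fields. This is an added example, not part of the comment above and not xine-lib's code; the function names are hypothetical, and it assumes the standard NSF layout of a 128-byte header with 32-byte title and copyright fields at offsets 0x0E and 0x4E.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed NSF header layout (not taken from the page). */
#define NSF_HEADER_SIZE   128
#define NSF_FIELD_LEN     32
#define NSF_OFF_TITLE     0x0E
#define NSF_OFF_COPYRIGHT 0x4E

/* Copy a fixed-width field that may use all 32 bytes with no NUL. */
static void nsf_copy_field(char dst[NSF_FIELD_LEN + 1], const uint8_t *field)
{
    size_t n;
    for (n = 0; n < NSF_FIELD_LEN && field[n] != '\0'; n++)
        dst[n] = (char)field[n];
    dst[n] = '\0';
}

/* Format "title (copyright), song cur/total" into out.
 * Returns 0 on success, -1 on short input, bad magic or truncated output. */
int nsf_describe(const uint8_t *buf, size_t buf_len, char *out, size_t out_len)
{
    char title[NSF_FIELD_LEN + 1], copyright[NSF_FIELD_LEN + 1];
    int w;
    if (buf_len < NSF_HEADER_SIZE || memcmp(buf, "NESM\x1a", 5) != 0)
        return -1;
    nsf_copy_field(title, buf + NSF_OFF_TITLE);
    nsf_copy_field(copyright, buf + NSF_OFF_COPYRIGHT);
    /* snprintf never writes past out_len; a too-small buffer is an error. */
    w = snprintf(out, out_len, "%s (%s), song %u/%u", title, copyright,
                 (unsigned)buf[7], (unsigned)buf[6]);
    return (w < 0 || (size_t)w >= out_len) ? -1 : 0;
}

/* Constructed sample: both text fields fill all 32 bytes, unterminated. */
void nsf_make_sample(uint8_t hdr[NSF_HEADER_SIZE])
{
    memset(hdr, 0, NSF_HEADER_SIZE);
    memcpy(hdr, "NESM\x1a", 5);
    hdr[6] = 3; /* total songs */
    hdr[7] = 1; /* starting song */
    memset(hdr + NSF_OFF_TITLE, 'A', NSF_FIELD_LEN);
    memset(hdr + NSF_OFF_COPYRIGHT, 'C', NSF_FIELD_LEN);
}

int main(void)
{
    uint8_t hdr[NSF_HEADER_SIZE]; char out[128];
    nsf_make_sample(hdr);
    if (nsf_describe(hdr, sizeof hdr, out, sizeof out) == 0) puts(out);
    return 0;
}
```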