The problem can be corrected by upgrading the affected package to
version 1-rc5-1ubuntu2.4 (for Ubuntu 4.10), 1.0-1ubuntu3.6 (for Ubuntu
5.04), or 1.0.1-1ubuntu10.2 (for Ubuntu 5.10). In general, a standard
system upgrade is sufficient to effect the necessary changes.
USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine
library contains a copy of the ffmpeg code, thus it is vulnerable to
the same flaw.
For reference, this is the original advisory:
Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking an user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's privileges.