There’s an update to the xine-lib package for Slackware. If you use it, please update to this new version (1.0.3a). A question that strikes me when reading this notification is, “What the hell are the odds that this vuln can actually be implemented in real-life?”
Details are as follows:
New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server) specially crafted CDDB information and then get the user to play the referenced audio CD.