Oct 22, 2007 - 7:52 p.m.

flac, xmms security update

2007-10-22 19:52:23
CentOS Project
lists.centos.org
CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.467 (Percentile: 97.5%)

CentOS Errata and Security Advisory CESA-2007:0975

FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.

A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)

Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-October/076492.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076493.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076502.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076503.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076508.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076509.html

Affected packages:
flac
flac-devel
xmms-flac

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0975
