-
vlc (0.8.6.release.c-0ubuntu5.2) gutsy-security; urgency=low
* SECURITY UPDATE: (LP: #207284)
+ debian/patches/031_CVE-2008-1489.diff
- Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a crafted MP4 RDRF box that triggers a
heap-based buffer overflow.
* References
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
+ http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
-- Emanuele Gentili <email address hidden> Tue, 01 Apr 2008 02:33:08 +0200
-
vlc (0.8.6.release.c-0ubuntu5.1) gutsy-security; urgency=low
* SECURITY UPDATE:
- debian/patches/031_CVE-2008-0984.diff (LP: #195949)
+ VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
suffers from an arbitrary memory overwrite vulnerability when using
crash the player instance.
* References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
- http://www.videolan.org/security/sa0802.html
-- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 01:28:37 +0100
-
vlc (0.8.6.release.c-0ubuntu5) gutsy; urgency=low
* Add patch 030_fix_exec_field_code:
- fix opening multiple files leads to multiple instances (LP: #124712)
-- Cesare Tirabassi <email address hidden> Mon, 08 Oct 2007 23:41:44 +0200
-
vlc (0.8.6.release.c-0ubuntu4) gutsy; urgency=low
* Move firefox plugin into /usr/lib/firefox. (LP: #99810)
* Don't attempt to install a symlink for firefox to vlcintf.xpt - it doesn't
exist any more.
-- William Grant <email address hidden> Sat, 06 Oct 2007 15:54:55 +1000
-
vlc (0.8.6.release.c-0ubuntu3) gutsy; urgency=low
* Fix typo error in .desktop file (LP: #131691)
-- Vincent Legout <email address hidden> Sat, 11 Aug 2007 17:55:19 +0200
-
vlc (0.8.6.release.c-0ubuntu2) gutsy; urgency=low
* debian/control: added Xb-Npp-xxx tags according to the "firefox distro
add-on support" spec
(https://blueprints.launchpad.net/ubuntu/+spec/firefox-distro-addon-support)
-- Hilario Montoliu <email address hidden> Mon, 25 Jun 2007 16:28:20 +0200
-
vlc (0.8.6.release.c-0ubuntu1) gutsy; urgency=low
* SECURITY UPDATE: Format string injection in multiple plugins could
lead to arbitrary code execution and/or DoS.
* New upstream security and bugfix release, 0.8.6c (LP: #121511).
* References
CVE-2007-0256
CVE-2007-3316
* debian/patches/: Remove 020_flac.diff and 030_CVE-2007-0017.diff
(subsumed by new upstream release).
* debian/vlc-nox.install: Add libtelx_plugin.so (fixes FTBFS).
-- Daniel T Chen <email address hidden> Mon, 25 Jun 2007 01:53:37 -0400
-
vlc (0.8.6.release-0ubuntu5) gutsy; urgency=low
* debian/patches/020_flac.diff:
- Patch from upstream trunk to fix FTBFS with libflac8
(http://trac.videolan.org/vlc/changeset/18855)
-- Matti Lindell <email address hidden> Sun, 10 Jun 2007 17:06:18 +0300
-
vlc (0.8.6.release-0ubuntu4) feisty; urgency=low
* debian/control: Revert back to building against libwxgtk2.6-dev
(Closes LP: #91248)
-- Luke Yelavich <email address hidden> Tue, 20 Mar 2007 16:32:06 +1100