Ubuntu
vlc package

Change logs for vlc source package in Gutsy

Gutsy (7.10)
Change log

vlc (0.8.6.release.c-0ubuntu5.2) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #207284)
   + debian/patches/031_CVE-2008-1489.diff
    - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
      remote attackers to cause a denial of service (crash) and possibly
      execute arbitrary code via a crafted MP4 RDRF box that triggers a
      heap-based buffer overflow.

  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

 -- Emanuele Gentili <email address hidden>   Tue, 01 Apr 2008 02:33:08 +0200

vlc (0.8.6.release.c-0ubuntu5.1) gutsy-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/031_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden>   Wed, 27 Feb 2008 01:28:37 +0100

vlc (0.8.6.release.c-0ubuntu5) gutsy; urgency=low

  * Add patch 030_fix_exec_field_code:
    - fix opening multiple files leads to multiple instances (LP: #124712)

 -- Cesare Tirabassi <email address hidden>   Mon, 08 Oct 2007 23:41:44 +0200

vlc (0.8.6.release.c-0ubuntu4) gutsy; urgency=low

  * Move firefox plugin into /usr/lib/firefox. (LP: #99810)
  * Don't attempt to install a symlink for firefox to vlcintf.xpt - it doesn't
    exist any more.

 -- William Grant <email address hidden>   Sat, 06 Oct 2007 15:54:55 +1000

vlc (0.8.6.release.c-0ubuntu3) gutsy; urgency=low

  * Fix typo error in .desktop file (LP: #131691)

 -- Vincent Legout <email address hidden>   Sat, 11 Aug 2007 17:55:19 +0200

vlc (0.8.6.release.c-0ubuntu2) gutsy; urgency=low

  * debian/control: added Xb-Npp-xxx tags accordingly to "firefox distro
    add-on suport" spec,
    (https://blueprints.launchpad.net/ubuntu/+spec/firefox-distro-addon-support)

 -- Hilario Montoliu <email address hidden>   Mon, 25 Jun 2007 16:28:20 +0200

vlc (0.8.6.release.c-0ubuntu1) gutsy; urgency=low

  * SECURITY UPDATE: Format string injection in multiple plugins could
    lead to arbitrary code execution and/or DoS.
  * New upstream security and bugfix release, 0.8.6c (LP: #121511).
  * References
    CVE-2007-0256
    CVE-2007-3316
  * debian/patches/: Remove 020_flac.diff and 030_CVE-2007-0017.diff
    (subsumed by new upstream release).
  * debian/vlc-nox.install: Add libtelx_plugin.so (fixes FTBFS).

 -- Daniel T Chen <email address hidden>   Mon, 25 Jun 2007 01:53:37 -0400

vlc (0.8.6.release-0ubuntu5) gutsy; urgency=low

  * debian/patches/020_flac.diff:
   - Patch from upstream trunk to fix FTBFS with libflac8
     (http://trac.videolan.org/vlc/changeset/18855)

 -- Matti Lindell <email address hidden>   Sun, 10 Jun 2007 17:06:18 +0300

vlc (0.8.6.release-0ubuntu4) feisty; urgency=low

  * debian/control: Revert back to building against  libwxgtk2.6-dev
    (Closes LP: #91248)

 -- Luke Yelavich <email address hidden>   Tue, 20 Mar 2007 16:32:06 +1100

Ubuntuvlc package

Change logs for vlc source package in Gutsy

Ubuntu
vlc package