-
vlc (2.1.6-0ubuntu14.04.4) trusty-security; urgency=medium
* SECURITY UPDATE: flac: Fix heap write overflow on frame format change
(LP: #1709420)
- fix-CVE-2017-9300.patch
- CVE-2017-9300
-- Simon Quigley <email address hidden> Tue, 08 Aug 2017 14:15:04 -0500
-
vlc (2.1.6-0ubuntu14.04.3) trusty-security; urgency=high
* SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893)
- fix-CVE-2016-5108.patch
- CVE-2016-5108
* SECURITY UPDATE: Fix potential out of bound reads
- fix-CVE-2017-8310.patch
- CVE-2017-8310
* SECURITY UPDATE: Fix invalid double increment
- fix-CVE-2017-8311.patch
- CVE-2017-8311
* SECURITY UPDATE: Fix potential heap buffer overflow
- fix-CVE-2017-8312.patch
- CVE-2017-8312
* SECURITY UPDATE: ParseJSS: fix out-of-bounds read
- fix-CVE-2017-8313.patch
- CVE-2017-8313
-- Simon Quigley <email address hidden> Mon, 10 Jul 2017 22:59:26 -0500
-
vlc (2.1.6-0ubuntu14.04.2) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted FLV file
- debian/patches/CVE-2014-9597.patch: properly handle ref count in
src/misc/picture_pool.c.
- CVE-2014-9597
* SECURITY UPDATE: XSS in web interface
- debian/patches/CVE-2014-9743.patch: fix XSS in src/network/httpd.c.
- CVE-2014-9743
* SECURITY UPDATE: denial of service via crafted wav file (LP: #1533633)
- debian/patches/CVE-2016-3941.patch: seek across eof correctly in
src/input/stream.c.
- CVE-2016-3941
-- Marc Deslauriers <email address hidden> Mon, 02 May 2016 20:10:10 -0400
-
vlc (2.1.6-0ubuntu14.04.1) trusty-security; urgency=medium
* New upstream release to fix multiple security issues (LP: #1419176)
-- Marc Deslauriers <email address hidden> Wed, 25 Mar 2015 21:56:16 -0400
-
vlc (2.1.4-0ubuntu14.04.1) trusty-security; urgency=medium
* New upstream release (Closes: #742625, LP: #1276650)
* SECURITY UPDATE: crafted ASF file handling integer divide-by-zero DoS
- CVE-2014-1684
* debian/gbp.conf: update for trusty
-- Benjamin Drung <email address hidden> Sun, 11 May 2014 21:31:11 +0200
-
vlc (2.1.2-2build2) trusty; urgency=medium
* No-change rebuild for x264 soname bump.
-- Matthias Klose <email address hidden> Mon, 24 Mar 2014 05:56:23 +0000
-
vlc (2.1.2-2build1) trusty; urgency=medium
* Rebuild against liblivemedia23.
-- Colin Watson <email address hidden> Wed, 05 Feb 2014 07:11:26 +0000
-
vlc (2.1.2-2) unstable; urgency=medium
* Team upload.
* debian/vlc-data.postinst: Check if a directory exists before trying to
remove it. (Closes: #732806)
-- Sebastian Ramacher <email address hidden> Tue, 31 Dec 2013 15:19:27 +0100
-
vlc (2.1.2-1) unstable; urgency=medium
[ Benjamin Drung ]
* New upstream release.
- Fix build failure with freetype 2.5.1 (Closes: #731513)
* Add gpg signature check to watch file.
[ Mateusz Ĺukasik ]
* Bump Standards-Version to 3.9.5 (no changes needed).
-- Benjamin Drung <email address hidden> Sat, 21 Dec 2013 21:18:56 +0100
-
vlc (2.1.1-1) unstable; urgency=low
* New upstream release.
* Drop altivec patch (fixed upstream).
* Remove obsolete conffiles (Closes: #703750).
-- Benjamin Drung <email address hidden> Mon, 18 Nov 2013 21:46:53 +0100
-
vlc (2.1.0-2) unstable; urgency=high
* Remove mmx and sse2 plugins on non-x86 hardware. (Closes: #727831)
* Disable Video4Linux2 on kFreeBSD due to a build failure. (Closes: #728130)
* Switch to debhelper 9.
* Update minimum version of build dependencies.
* Explicitly disable plugins that we do not build.
* Fix build failure on powerpc by correcting the detection of compiler flags
for altivec.
* Drop link-binaries-with-c++.patch.
* Remove the libvaapi plugin from vlc if libva is disabled.
* Enable libva on kFreeBSD.
-- Benjamin Drung <email address hidden> Tue, 29 Oct 2013 01:55:40 +0100
-
vlc (2.1.0-1) unstable; urgency=high
* New major upstream release. (Closes: #436339, #632965, #642187,
#698023, #593735, #724734, #665732, #700752, #704941, #708953,
#712935, #398167, #646200, #679654, #654955, LP: #982953, #301193,
#986785, #1038303, #1109026, #530797, #667584, #938621, #671031,
#1080847, #1157384, #1173943)
* Security: Fix buffer overflow in the mp4a packetizer CVE-2013-4388
(Closes: #726528)
* Drop configure-m4-undefine.patch. (code in question doesn't exist)
* Drop dvbpsi.patch. (no longer needed)
* Drop v4l-kfreebsd.patch. (no longer needed)
* pnap-grammar.patch: Fix spelling/grammar in 2.1's PNAP dialog.
* Remove static dependency on libproxy and add runtime dependency for
libproxy as per upstream changes.
* Use -mtune instead of --with-tuning, as it was removed.
* SONAME bump for libvlccore5 to libvlccore7.
* Update symbols for libvlc5 and libvlccore7.
* Update file lists to account for new/renamed/removed modules.
* Add missing Breaks and Replaces for libavcodec_plugin.so move.
* Disable the static library.
* Bump to lua5.2.
* Update debian/copyright to include LGPL where relevant, in response
to the VLC 2.1 relicensing.
-- Edward Wang <email address hidden> Sun, 06 Oct 2013 11:12:25 -0400
-
vlc (2.0.8-1) unstable; urgency=low
* New upstream release.
* Drop fix-ftbfs-flac-1.3.patch (applied upstream).
-- Benjamin Drung <email address hidden> Thu, 01 Aug 2013 14:19:42 +0200