Change logs for vlc source package in Trusty

vlc (2.1.6-0ubuntu14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: flac: Fix heap write overflow on frame format change
    (LP: #1709420)
    - fix-CVE-2017-9300.patch
    - CVE-2017-9300

 -- Simon Quigley <email address hidden>  Tue, 08 Aug 2017 14:15:04 -0500

vlc (2.1.6-0ubuntu14.04.3) trusty-security; urgency=high

  * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893)
    - fix-CVE-2016-5108.patch
    - CVE-2016-5108
  * SECURITY UPDATE: Fix potential out of bound reads
    - fix-CVE-2017-8310.patch
    - CVE-2017-8310
  * SECURITY UPDATE: Fix invalid double increment
    - fix-CVE-2017-8311.patch
    - CVE-2017-8311
  * SECURITY UPDATE: Fix potential heap buffer overflow
    - fix-CVE-2017-8312.patch
    - CVE-2017-8312
  * SECURITY UPDATE: ParseJSS: fix out-of-bounds read
    - fix-CVE-2017-8313.patch
    - CVE-2017-8313

 -- Simon Quigley <email address hidden>  Mon, 10 Jul 2017 22:59:26 -0500

vlc (2.1.6-0ubuntu14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted FLV file
    - debian/patches/CVE-2014-9597.patch: properly handle ref count in
      src/misc/picture_pool.c.
    - CVE-2014-9597
  * SECURITY UPDATE: XSS in web interface
    - debian/patches/CVE-2014-9743.patch: fix XSS in src/network/httpd.c.
    - CVE-2014-9743
  * SECURITY UPDATE: denial of service via crafted wav file (LP: #1533633)
    - debian/patches/CVE-2016-3941.patch: seek across eof correctly in
      src/input/stream.c.
    - CVE-2016-3941

 -- Marc Deslauriers <email address hidden>  Mon, 02 May 2016 20:10:10 -0400

vlc (2.1.6-0ubuntu14.04.1) trusty-security; urgency=medium

  * New upstream release to fix multiple security issues (LP: #1419176)
 -- Marc Deslauriers <email address hidden>   Wed, 25 Mar 2015 21:56:16 -0400

vlc (2.1.4-0ubuntu14.04.1) trusty-security; urgency=medium

  * New upstream release (Closes: #742625, LP: #1276650)
  * SECURITY UPDATE: crafted ASF file handling integer divide-by-zero DoS
    - CVE-2014-1684
  * debian/gbp.conf: update for trusty
 -- Benjamin Drung <email address hidden>   Sun, 11 May 2014 21:31:11 +0200

vlc (2.1.2-2build2) trusty; urgency=medium

  * No-change rebuild for x264 soname bump.
 -- Matthias Klose <email address hidden>   Mon, 24 Mar 2014 05:56:23 +0000

vlc (2.1.2-2build1) trusty; urgency=medium

  * Rebuild against liblivemedia23.
 -- Colin Watson <email address hidden>   Wed, 05 Feb 2014 07:11:26 +0000

vlc (2.1.2-2) unstable; urgency=medium


  * Team upload.
  * debian/vlc-data.postinst: Check if a directory exists before trying to
    remove it. (Closes: #732806)

 -- Sebastian Ramacher <email address hidden>  Tue, 31 Dec 2013 15:19:27 +0100

vlc (2.1.2-1) unstable; urgency=medium


  [ Benjamin Drung ]
  * New upstream release.
    - Fix build failure with freetype 2.5.1 (Closes: #731513)
  * Add gpg signature check to watch file.

  [ Mateusz Łukasik ]
  * Bump Standards-Version to 3.9.5 (no changes needed).

 -- Benjamin Drung <email address hidden>  Sat, 21 Dec 2013 21:18:56 +0100

vlc (2.1.1-1) unstable; urgency=low


  * New upstream release.
  * Drop altivec patch (fixed upstream).
  * Remove obsolete conffiles (Closes: #703750).

 -- Benjamin Drung <email address hidden>  Mon, 18 Nov 2013 21:46:53 +0100

vlc (2.1.0-2) unstable; urgency=high


  * Remove mmx and sse2 plugins on non-x86 hardware. (Closes: #727831)
  * Disable Video4Linux2 on kFreeBSD due to a build failure. (Closes: #728130)
  * Switch to debhelper 9.
  * Update minimum version of build dependencies.
  * Explicitly disable plugins that we do not build.
  * Fix build failure on powerpc by correcting the detection of compiler flags
    for altivec.
  * Drop link-binaries-with-c++.patch.
  * Remove the libvaapi plugin from vlc if libva is disabled.
  * Enable libva on kFreeBSD.

 -- Benjamin Drung <email address hidden>  Tue, 29 Oct 2013 01:55:40 +0100

vlc (2.1.0-1) unstable; urgency=high


  * New major upstream release. (Closes: #436339, #632965, #642187,
    #698023, #593735, #724734, #665732, #700752, #704941, #708953,
    #712935, #398167, #646200, #679654, #654955, LP: #982953, #301193,
    #986785, #1038303, #1109026, #530797, #667584, #938621, #671031,
    #1080847, #1157384, #1173943)
  * Security: Fix buffer overflow in the mp4a packetizer CVE-2013-4388
    (Closes: #726528)
  * Drop configure-m4-undefine.patch. (code in question doesn't exist)
  * Drop dvbpsi.patch. (no longer needed)
  * Drop v4l-kfreebsd.patch. (no longer needed)
  * pnap-grammar.patch: Fix spelling/grammar in 2.1's PNAP dialog.
  * Remove static dependency on libproxy and add runtime dependency for
    libproxy as per upstream changes.
  * Use -mtune instead of --with-tuning, as it was removed.
  * SONAME bump for libvlccore5 to libvlccore7.
  * Update symbols for libvlc5 and libvlccore7.
  * Update file lists to account for new/renamed/removed modules.
  * Add missing Breaks and Replaces for libavcodec_plugin.so move.
  * Disable the static library.
  * Bump to lua5.2.
  * Update debian/copyright to include LGPL where relevant, in response
    to the VLC 2.1 relicensing.

 -- Edward Wang <email address hidden>  Sun, 06 Oct 2013 11:12:25 -0400

vlc (2.0.8-1) unstable; urgency=low


  * New upstream release.
  * Drop fix-ftbfs-flac-1.3.patch (applied upstream).

 -- Benjamin Drung <email address hidden>  Thu, 01 Aug 2013 14:19:42 +0200