Ubuntu
vlc package

[SRU MRE] Update to 2.1.6 in Trusty

Bug #1419176 reported by Amr Ibrahim
272
This bug affects 3 people
Affects Status Importance Assigned to Milestone
vlc (Ubuntu)
Fix Released
Undecided
Marc Deslauriers

Bug Description

2.1.6 has been released and has some security fixes http://git.videolan.org/?p=vlc/vlc-2.1.git;a=blob_plain;f=NEWS;hb=HEAD.

Changes between 2.1.5 and 2.1.6:
--------------------------------

Audio output:
 * Fix OSS stuttering

Security:
 * Fix heap overflow in decomp stream filter
 * Fix buffer overflow in updater
 * Fix potential buffer overflow in schroedinger encoder
 * Fix null-pointer dereference in DMO decoder
 * Fix buffer overflow in parsing of string boxes in mp4 demuxer
 * Fix SRTP integer overflow
 * Fix potential crash in zip access
 * Fix read overflow in Ogg demuxer

Win32 installer:
 * Update translations and greek encoding

Changes between 2.1.4 and 2.1.5:
--------------------------------

Core:
 * Fix compilation on OS/2

Access:
 * Stability improvements for the QTSound capture module

Mac OS X audio output:
 * Fix channel ordering
 * Increase the buffersize

Decoders:
 * Fix DxVA2 decoding of samples needing more surfaces
 * Improve MAD resistance to broken mp3 streams
 * Fix PGS alignment in MKV

Qt Interface:
 * Don't rename mp3 converted files to .raw

Mac OS X Interface:
 * Correctly support video-on-top
 * Fix video output event propagation on Macs with retina displays
 * Stability improvements when using future VLC releases side by side

Streaming:
 * Fix transcode when audio format changes

Security contents:
 * Updated GnuTLS to 3.1.25 (CVE-2014-3466)
 * Updated libpng to 1.6.10 (CVE-2014-0333)

See original description
Amr Ibrahim (amribrahim1987)
information type: Private Security → Public Security
Amr Ibrahim (amribrahim1987)
summary: - [SRU] Update to 2.1.5 in Trusty
+ [SRU MRE] Update to 2.1.5 in Trusty
Revision history for this message
Launchpad Janitor (janitor) wrote : Re: [SRU MRE] Update to 2.1.5 in Trusty

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vlc (Ubuntu):
status: New → Confirmed
Amr Ibrahim (amribrahim1987)
summary: - [SRU MRE] Update to 2.1.5 in Trusty
+ [SRU MRE] Update to 2.1.6 in Trusty
description: updated
Amr Ibrahim (amribrahim1987)
description: updated
Revision history for this message
Steve Beattie (sbeattie) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in vlc (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Amr Ibrahim (amribrahim1987) wrote :

Benjamin, could you have a look at this? Thanks.

Marc Deslauriers (mdeslaur)
Changed in vlc (Ubuntu):
status: Incomplete → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 2.1.6-0ubuntu14.04.1

---------------
vlc (2.1.6-0ubuntu14.04.1) trusty-security; urgency=medium

  * New upstream release to fix multiple security issues (LP: #1419176)
 -- Marc Deslauriers <email address hidden> Wed, 25 Mar 2015 21:56:16 -0400

Changed in vlc (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Simon Déziel (sdeziel) wrote :

Thanks all, this is really appreciated, especially for a package in universe.

Revision history for this message
Amr Ibrahim (amribrahim1987) wrote :

Thanks a lot Marc for working on this micro release exception MRE.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.