[SRU] Update to bug-fix release 2.2.8 in Xenial

Bug #1579935 reported by Amr Ibrahim
This bug affects 1 person
Affects        Status         Importance   Assigned to   Milestone
vlc (Ubuntu)   Fix Released   Medium       Unassigned
Xenial         Confirmed      Medium       Unassigned

Bug Description

[Impact]

VLC has received many bug fixes on the stable 2.2.x branch since 2.2.2 was released. I think 16.04 LTS should get these fixes.

[Test Case]

Install vlc from xenial-proposed and test it for at least one week. Play different video formats to catch any regressions, and use it as you normally would.

[Regression Potential]

The 2.2.x branch receives only bug fixes, which are cherry-picked from the master branch where the main development takes place. So, I think the regression potential is low.

[Other Info]

VLC 2.2 maintenance branch.
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=summary

Changes between 2.2.7 and 2.2.8:
--------------------------------

Demuxers:
 * Fix AVI invalid pointer dereferences

Translations updates

Changes between 2.2.6 and 2.2.7:
--------------------------------

Decoders:
 * Fix flac heap write overflow on format change
 * Fix crash in libavcodec module (heap write out-of-band) (CVE-2017-10699)
 * Fix infinite loop in sami subtitle
 * Fix AAC 7.1 channels detection

Demuxers:
 * Fix potential crash in ASX parser
 * Fix AVI read/write overflow

Mac OS X:
 * Fix compatibility with macOS High Sierra
 * Fix regression in ASS subtitle decoding
 * Fix crash during automatic update. Some users might need to manually
   update to the newest version.

Video Output:
 * Fix Direct3D9 output with odd offsets

Misc:
 * Fix crash in MTP
 * Support libupnp 1.8

Translations updates

Changes between 2.2.5.1 and 2.2.6:
----------------------------------

Video output:
 * Fix systematic green line on nvidia
 * Fix direct3d SPU texture offsets handling

Demuxer:
 * Fix heap buffer overflows

Changes between 2.2.5 and 2.2.5.1:
----------------------------------

Security hardening for DLL hijacking environments

Translations updates

Misc:
 * Update for Soundcloud, liveleak and Youtube scripts
 * Fix potential out-of-band dereference in flac decoder
 * Fix potential out-of-band reads in mpeg packetizers
 * Fix infinite loop in subtitles demuxer
 * Fix incorrect memory free in ogg demuxer
 * Fix potential out-of-band reads in subtitle decoders and demuxers
 * Fix green line on Windows with odd sizes

Changes between 2.2.4 and 2.2.5:
--------------------------------

Decoder:
 * Fix mp3 playback quality regression in libmad
 * Fix video scaling in VDPAU
 * Fix playback of palettized codecs
 * Fix ADPCM heap corruption (FG-VD-16-067)

Demuxer:
 * Fix possible ASF integer overflow
 * Fix MP4 divide-by-zero

Video output:
 * Fix green line on Windows with AMD drivers

Access:
 * Fix crash in screen recording on Windows
 * Fix FTP scan string injection

Mux:
 * Fix mp4 drift

Windows:
 * The plugins loading will not load external DLLs by default.
   Plugins will need to LoadLibrary explicitly.
 * Fix uninstaller path handling

MacOS:
 * Fix scrolling sensitivity on Sierra
 * Resume points are deleted now if the user clears the list of
   recent items

Changes between 2.2.3 and 2.2.4:
--------------------------------

Decoder:
 * Fix crash in G.711 wav files
 * Fix mp3 crash in libmad
 * Fix out-of-bound write in adpcm QT IMA codec (CVE-2016-5108)

Qt:
 * Fix resizing issues

Win32:
 * Fix overlay creation on Windows XP for DirectDraw video output

Misc:
 * Build fixes for Hurd

Translations:
 * Update of Bulgarian, Catalan, German, French, Italian, Marathi, Norwegian
   Bokmål, Norwegian Nynorsk, Portuguese, Slovak, Spanish (Mexico), Swedish,
   Simplified Chinese, and Traditional Chinese translations

Changes between 2.2.2 and 2.2.3:
--------------------------------

Demux:
 * Fix HLS quality selection and a potential stack overflow
 * Fix potential MKV infinite loop and improve MKV tags support
 * Fix WMV regression

Decoder:
 * Fix hardware decoding with libvdpau-va-gl
 * Fix crashes with libvpx
 * Use libass without caching dialog

Video Output:
 * Fix green lines on Direct3D output

Skins2:
 * Fix maximizing Window in multi-screen context

Qt:
 * Fix resume where you left off
 * Fix infinite recursion in the customize dialog
 * Fix size when switching to/from the minimal interface
 * Fix size after resume toolbar is displayed

MacOS X:
 * Fix crashes in media information panel
 * Correctly respect the disable-screensaver option

Win32:
 * Allow opening more than 15 elements in Explorer

Translations:
 * Update of most translations

description: updated
summary: - [SRU] Update to bugfix release 2.2.3 in Xenial
+ [SRU] Update to bugfix release 2.2.4 in Xenial
description: updated
Jeremy Bícha (jbicha)
Changed in vlc (Ubuntu):
status: New → Fix Released
information type: Public → Public Security
summary: - [SRU] Update to bugfix release 2.2.4 in Xenial
+ [SRU] Update to bugfix release 2.2.5 in Xenial
description: updated
description: updated
summary: - [SRU] Update to bugfix release 2.2.5 in Xenial
+ [SRU] Update to bugfix release 2.2.6 in Xenial
Simon Quigley (tsimonq2) wrote : Re: [SRU] Update to bugfix release 2.2.6 in Xenial

Amr,

I'll be happy to provide a debdiff and upload it (or upload a debdiff if you would like to provide one) if you could update this bug to follow the SRU template: https://wiki.ubuntu.com/StableReleaseUpdates

Thanks!

Amr Ibrahim (amribrahim1987) wrote :

Description updated.

description: updated
Amr Ibrahim (amribrahim1987) wrote :

A side note: 2.2.7 is on the road, but I have no idea when it will be released.

Simon Quigley (tsimonq2) wrote :

I can take care of preparing the debdiff in a bit.

Thanks Amr for the bug description update!

Changed in vlc (Ubuntu Xenial):
status: New → In Progress
assignee: nobody → Simon Quigley (tsimonq2)
importance: Undecided → Medium
Changed in vlc (Ubuntu Zesty):
status: New → In Progress
assignee: nobody → Simon Quigley (tsimonq2)
Simon Quigley (tsimonq2) wrote :

This can be worked on for Zesty as well.

Changed in vlc (Ubuntu Zesty):
importance: Undecided → Medium
Changed in vlc (Ubuntu):
importance: Undecided → Medium
Simon Quigley (tsimonq2)
summary: - [SRU] Update to bugfix release 2.2.6 in Xenial
+ [SRU] Update to bugfix release 2.2.6
description: updated
Simon Quigley (tsimonq2) wrote : Re: [SRU] Update to bugfix release 2.2.6

A package for Zesty is available in ppa:tsimonq2/vlc-2.2.6. I tried for Xenial but I was met with this compilation error that I can't seem to fix:

configure:48203: checking kai.h usability
configure:48203: gcc -c -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wextra -Wsign-compare -Wundef -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wmissing-prototypes -Wvolatile-register-var -Werror-implicit-function-declaration -pipe -fvisibility=hidden -O4 -fno-math-errno -funsafe-math-optimizations -fno-rounding-math -fno-signaling-nans -fcx-limited-range -funroll-loops -fomit-frame-pointer -Wdate-time -D_FORTIFY_SOURCE=2 conftest.c >&5
conftest.c:204:17: fatal error: kai.h: No such file or directory

I'll take care of Zesty but for now, I can't seem to wrap my head around a fix for Xenial.

Changed in vlc (Ubuntu Xenial):
assignee: Simon Quigley (tsimonq2) → nobody
status: In Progress → Confirmed
Changed in vlc (Ubuntu Zesty):
status: In Progress → Fix Committed
Simon Quigley (tsimonq2) wrote :

Uploaded to Zesty.

Simon Quigley (tsimonq2) wrote :

Needs one more upload iteration because I forgot to close this bug in the changelog; it will be uploaded with a fixed changelog within the upcoming days.

summary: - [SRU] Update to bugfix release 2.2.6
+ [SRU] Update to bug-fix release 2.2.8 in Xenial
description: updated
Simon Quigley (tsimonq2)
no longer affects: vlc (Ubuntu Zesty)
Changed in vlc (Ubuntu Xenial):
assignee: nobody → Simon Quigley (tsimonq2)
Simon Quigley (tsimonq2)
Changed in vlc (Ubuntu Xenial):
assignee: Simon Quigley (tsimonq2) → nobody
This report contains Public Security information  
Everyone can see this security related information.
