[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted vlc 3.0.8-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 20 Aug 2019 20:34:42 +0200
Source: vlc
Architecture: source
Version: 3.0.8-0+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 923017 929491 932131 932182
Changes:
 vlc (3.0.8-0+deb10u1) buster-security; urgency=high
 .
   * New upstream release.
     - Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
     - Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
     - Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
       CVE-2019-14438)
     - Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
     - Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
     - Fix a use after free in the ASF demuxer (CVE-2019-14533)
     - Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
       (Closes: #932131)
     - Fix a null dereference in the ASF demuxer (CVE-2019-14534)
     - Fix a division by zero in the CAF demuxer (CVE-2019-14498)
     - Fix a division by zero in the ASF demuxer (CVE-2019-14535)
     - Fix a division by zero when playing DVDs. (Closes: #929491, #923017,
       #932182)
   * debian/control: Bump libebml-dev B-D according to configure check changes.
   * debian/patches: Revert modplug version bump. We use the libopenmpt compat
     layer anyway.
Checksums-Sha1:
 49527257e382a5df91166db898732064d6cc1efd 6471 vlc_3.0.8-0+deb10u1.dsc
 424a9795e051c198e7fa28107b15809ee6820d43 26041520 vlc_3.0.8.orig.tar.xz
 1aa21f1e218dbcd57ed6d86c2bd557650e1cd48a 195 vlc_3.0.8.orig.tar.xz.asc
 66e64e437530401deaf9026c97e1c9dd20090892 64200 vlc_3.0.8-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 ef491979936cbc5f8537185823aece76d853255c9c3f34297a56ce1fde3ac88a 6471 vlc_3.0.8-0+deb10u1.dsc
 e0149ef4a20a19b9ecd87309c2d27787ee3f47dfd47c6639644bc1f6fd95bdf6 26041520 vlc_3.0.8.orig.tar.xz
 2a314b27cea06447edd7e99b098c837095dce8f77a2372f5a0612de746b96a38 195 vlc_3.0.8.orig.tar.xz.asc
 e17a0013793480c9d8c41cd0a25921b17ef5370a909b3c89d5991d96211c5cf6 64200 vlc_3.0.8-0+deb10u1.debian.tar.xz
Files:
 55c99b09e5fa2f06913512c441fa2467 6471 video optional vlc_3.0.8-0+deb10u1.dsc
 744442ec0c145453ea1d257914c8072e 26041520 video optional vlc_3.0.8.orig.tar.xz
 34629d2e46dcbf17be97d483bd34bfa6 195 video optional vlc_3.0.8.orig.tar.xz.asc
 649c15eb0d2dd98287d1e5742dcf23aa 64200 video optional vlc_3.0.8-0+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1cUdEACgkQafL8UW6n
GZOHwhAAoLN8CymATzAnDxV2IGe8eyknyOt5zSpIVjGkpPQzrZlAmBl+htKts6vd
wIZfmTfFLKmP0sHxRc3vVKlcGviJ6hQkTT70FLsgk0l3d+Icg00Rqu+Stgh2GZZw
keJWSTcjUj+ElKqLYVrqnECqQtx9eYG2DDqw+SscrKm3XRIqQPI+jf2CpIvBuXBT
nK1SFW36K5R7ddLlksc+LBFz7qUNlCpq5U0mFVy3xHn653yvdIEIe1oZ6/KxsgVs
8abrxJcsPbdTbpvoQYDDsfedRb5U4EHfftpmm0S0OtnHcSdMi8UrZ92Rw0cnDnjX
We7/0wrW1JAiP96wnopLib0QzAithT5G9bph7TkylFLX74GdkQVoCgoA0FerenX2
4AavIL2kfsgXLxqm857ObS8MowDimi0oObW+N87362RzoSmrt4zPY1CKQrXdhkqm
IQWNTGxI7RTtP3Xij0UviYKkZGUM3Rt9MkWD52p0OXBkngwbUkt3h76/Zkgz02j+
lDRz2TPV8O/ZHwbBDHsQd3E1GRe63cj8nUd6Krbb1aeqH+/Shq9SsgJyKUDPDdZh
1XVYsucAOSKn/beHNOeTtIRA1O4PPA0mQAUkrZO6J4oWwM3oun5CNv/pVpaMWT0o
Omeo67sK2JUL+qL01CRAF4KzaVhRUho4idBBOPYMQdpOqGbXfBE=
=JpD/
-----END PGP SIGNATURE-----
Reply to: