[SECURITY] [DLA 3679-1] vlc security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3679-1] vlc security update
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 30 Nov 2023 23:55:58 +0000
Message-id: <[🔎] ZWkhDoXyF20aUZB0@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3679-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 30, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : vlc
Version        : 3.0.20-0+deb10u1
CVE ID         : CVE-2023-47359 CVE-2023-47360

Two vulnerabilities in the MMS over HTTP protocol have been fixed in the
VLC media player, which has also been upgraded to the latest upstream version.

CVE-2023-47359

    Heap buffer overflow in the MMSH module.

CVE-2023-47360

    Integer underflow in the MMSH module.

For Debian 10 buster, these problems have been fixed in version
3.0.20-0+deb10u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmVpIQ4ACgkQiNJCh6LY
mLGHLg/9GBSxTXHx2fj1c5Nqa9pFsMwLVgEt1YBUnsbHHlQFvbJT+MnjswrBZR/2
PjsiCCqqN0Yf0803h8Bf2JGxZRq/e+yBn0wfWke1mIl8Gb2o/IGmAW5xsUq1klZA
0n8/8Rdyych4XqiGIrdnhaxDwRH7ASFuRArFPXggtQEBFRxn5NMdRlxlq8Ks+Oy5
CSAfybAbF8Pyr7B08wr5KyI71BC+3UZZoMMqvuGqqNQvwX9aZX9MkBCJHz8WgwC3
CDHzXhhCjDYqvEOC8aaJRe4sI9TJ+yv6Tz1HFVqlbig9fzlb+kiY1hOSR0yVSQf2
dJyIRCmRDdh5VYDwhSEGh12LuF5TXSJ168chOabrp0TWp0s4rlq4AQhfRwSTMv5O
MGCaMuNpjQhg8sxJ5HYnklbGe39+x/Es4kFSkcMzf1V86OpiEIdXdj8NFRvEf1tk
h+b1UrIX9nWhuI02IHSx8J56Oa/8qZLjgDDnSds4/IMmJNYX35RNYxaY3melN8AD
UNuSk9YI1arrfFqmB7fNQpwzG26usrUibDcf5lgxQiZoBgF/dzHAxjdjYbLQd6vq
681S5+BXeTXfqge5SqFlWrxVXSOjofmE5yWLVBbKKlwasNDfqYkxJZCsAMSmwQKq
4tfFPcbhV8x29lCDJbK9WMYI2P80tpWG853w+X0nf9Q5G+c+NkE=
=aEDz
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3676-1] horizon security update
Previous by thread: [SECURITY] [DLA 3676-1] horizon security update
Index(es):
- Date
- Thread