Bug#930276: vlc: multiple vulnerabilities fixed in 3.0.7 release

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#930276: vlc: multiple vulnerabilities fixed in 3.0.7 release
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 09 Jun 2019 18:43:44 +0200
Message-id: <[🔎] 156009862482.7309.16367612768715735221.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 930276@bugs.debian.org

Source: vlc
Version: 3.0.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 3.0.7-1
Control: found -1 3.0.6-0+deb9u1

Hi

Given there are no CVEs for the repsective issues (so far) add a
single tracking bug in the BTS to get a reference, fixed already in
3.0.7-1 in unstable:

 vlc (3.0.7-1) unstable; urgency=high
 .
   * New upstream release.
     - Fix multiple integer overflows.
     - Fix multiple buffer overflows.
     - Fix use-after-free issue.
     - Fix NULL pointer dereference.
     - Fix other memory access bugs and infinite loops.
   * debian/rules: Be explicit about --enable-debug/disable-debug.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: vlc: multiple vulnerabilities fixed in 3.0.7 release
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#930276: marked as done (vlc: multiple vulnerabilities fixed in 3.0.7 release)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#930232: vlc: No video output in any video
Next by Date: Processed: vlc: multiple vulnerabilities fixed in 3.0.7 release
Previous by thread: calf_0.90.2-1_source.changes ACCEPTED into experimental
Next by thread: Processed: vlc: multiple vulnerabilities fixed in 3.0.7 release
Index(es):
- Date
- Thread