Bug#979676: marked as done (CVE-2020-26664)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sat, 23 Jan 2021 15:47:18 +0000
with message-id <E1l3L8A-0009EK-4Z@fasolo.debian.org>
and subject line Bug#979676: fixed in vlc 3.0.12-0+deb10u1
has caused the Debian Bug report #979676,
regarding CVE-2020-26664
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
979676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979676
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: CVE-2020-26664
• From: Moritz Muehlenhoff <jmm@debian.org>
• Date: Sat, 09 Jan 2021 23:52:46 +0100
• Message-id: <[🔎] 161023276639.33740.16899642462741271079.reportbug@hullmann.westfalen.local>

Package: vlc
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

This was assigned CVE-2020-26664:

https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c
https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt

For stable, this doesn't really warrant an update for this issue alone,
but we can ship 3.0.12 when released.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

• To: 979676-close@bugs.debian.org
• Subject: Bug#979676: fixed in vlc 3.0.12-0+deb10u1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Sat, 23 Jan 2021 15:47:18 +0000
• Message-id: <E1l3L8A-0009EK-4Z@fasolo.debian.org>
• Reply-to: Sebastian Ramacher <sramacher@debian.org>

Source: vlc
Source-Version: 3.0.12-0+deb10u1
Done: Sebastian Ramacher <sramacher@debian.org>

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979676@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Jan 2021 17:35:27 +0100
Source: vlc
Architecture: source
Version: 3.0.12-0+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 979676
Changes:
 vlc (3.0.12-0+deb10u1) buster-security; urgency=medium
 .
   * New upstream release
     - mkv: Fix heap-based buffer overflow (CVE-2020-26664) (Closes: #979676)
   * debian/vlc-plugin-base.install: Install RIST plugins
Checksums-Sha1:
 693779a06e0f99038b26cd9957984b7701746c68 6464 vlc_3.0.12-0+deb10u1.dsc
 39ef414a07202ec6569acda4c5d91e8576d453bf 25997468 vlc_3.0.12.orig.tar.xz
 41d83ae1d56eb1322d236279780785ee5d8aabf8 195 vlc_3.0.12.orig.tar.xz.asc
 964cb1052aa235ef5b45fd3405e4b28d627d47fc 64324 vlc_3.0.12-0+deb10u1.debian.tar.xz
Checksums-Sha256:
 547f2915c3997d393b46c4f29cca3d3c9bc28dfa63b011a8273abab6e899be7a 6464 vlc_3.0.12-0+deb10u1.dsc
 eff458f38a92126094f44f2263c2bf2c7cdef271b48192d0fe7b1726388cf879 25997468 vlc_3.0.12.orig.tar.xz
 c98be4369e791f34aa61122f3c25cbf1f4143b3581b5fe6cb3e0999f34779287 195 vlc_3.0.12.orig.tar.xz.asc
 302b18c0a6375e438ec06f7303cd84ea448c42f88e1d86af6bd06443c6fe3341 64324 vlc_3.0.12-0+deb10u1.debian.tar.xz
Files:
 2f7559bf47b68762bf47ea3b6983595f 6464 video optional vlc_3.0.12-0+deb10u1.dsc
 452d3423bcbaf1b85faebab0c45a7ecf 25997468 video optional vlc_3.0.12.orig.tar.xz
 4475afc8e9ae87255b65388f86b09634 195 video optional vlc_3.0.12.orig.tar.xz.asc
 e45d307a7b988a6597e8100749c4b235 64324 video optional vlc_3.0.12-0+deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmAJ9XoACgkQafL8UW6n
GZPx6g/+N9Y336RSA150uV7WdzWaUS+qFCGyIHsWcLrALBtUppwdHYnXHSMXBcU5
qX0QCkro6ch2J/cMpJCypsdpSWEhg8DwLIWu5kopPmAa1dqwBRho8NWr3tOLOGXR
sMe2b3P9eAvuhOYcoYINE3quGIgDZIXODLWPt+bQ9KFLZ91uNXihb2bhilFxyafB
1vFB5mkOr6t1OsLnJE6qfGLsX2CqIvWXoysAkQuV9cafy408/LCgY2XmIigpiisw
qZyXM9wh/lqRC+/v1I1p38iND7VZHgJP/vAdHa3QpHy3IXERxLiIzSjz17nL0qqo
fkKMI+AicopG7FxF0MlORUz2kLK9U4jzOmpMHbAOG4w09QwN3gOwAG8H7EvUj1Vd
KjcJJDO7gnoJFmKZEl46Bnwob042mcc4zD04mIfIjpd7JAd2QF5S3t5/unm9N1+B
zYBZS/UNh5I57hIv8d6trB+HOOlX/RIdQYBONExVt/x2Q+BK0Ai2KAQApSwUSDFG
4FfQvXwV/ErtkyvFlZ6zajNcC73yhvJliGxxMj0lCABvjlR/ISghP7ajXI0mxeA1
NEr+2uujSWmIEo1DQEuI16v9zhdIISB2htIECxKrBbGi5wX7tcZkiLnWdFtbcBEG
PkkEvDemL2yH+CgJJZ9pAEE38nIs62ZfLxSYeQh9bFmgY+JA5DA=
=f72c
-----END PGP SIGNATURE-----

--- End Message ---