Please merge vlc 1.0.1-1 from Debian unstable (main)

Bug #406602 reported by freddy3980
This bug affects 2 people
Affects: vlc (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Here's a short changelog:

    * fix flv and mpeg2 seeking,
    * fixes for wmv, wav, rtsp and ssa support,
    * fixes for Qt and Mac OS X interface,
    * fix an integer underflow in Real pseudo-RTSP module,
    * updates of some translations,
    * port of the ZVBI module to Windows for full teletext support and
    * codecs updates for Windows and Mac OS X versions.

CeesSluis (testcees) wrote :

VLC Media Player 0.9.9 for Windows is vulnerable; other versions may also be affected. See http://www.securityfocus.com/bid/35500
This security issue is solved in the new version.

Tom rooze.sen (tomrooze-sen) wrote :

Please enter a security update VLC 0.0.9a to 1.0.1.
Grtz Tom,

Pjotr12345 (computertip) wrote :

Please update quickly. Also for Hardy: VLC is still 0.8.6e in Ubuntu 8.04 LTS!

Security holes should be fixed as soon as possible. This is not acceptable.

Pjotr12345 (computertip) wrote :

Additional thought:
VLC is a Multiverse package, and Multiverse packages are treated differently from the rest.

But when a package is as widely used as VLC (nearly everyone installs it), it shouldn't be left to the PPA to provide security updates.

security vulnerability: no → yes
Adil Arif (adisari06)
affects: ubuntu → vlc (Ubuntu)
CeesSluis (testcees) wrote :

The security issue is described on http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2484

But this page is about "when running on Microsoft Windows". Has this vulnerability no security impact on Linux/Ubuntu?

Krzysztof Klimonda (kklimonda) wrote :

Based on the description of both the commit (http://git.videolan.org/?p=vlc.git;a=commit;h=e60a9038b13b5eb805a76755efc5c6d5e080180f) and the vulnerability itself, I'd say that this isn't really a problem on Linux (the affected code isn't even compiled on Linux).

security vulnerability: yes → no
Krzysztof Klimonda (kklimonda) wrote :

@Pjotr12345: Hardy follows our SRU policy; no new versions of packages (with few exceptions) are allowed. Only fixes for some bugs are backported. There were already 3 updates for VLC in Hardy.
But the package should still be merged from Debian.

Changed in vlc (Ubuntu):
importance: Undecided → Wishlist
summary: - Please update VLC to version 1.0.1
+ Please merge transmission 1.0.1-1 from Debian unstable (main)
Felix Geyer (debfx)
summary: - Please merge transmission 1.0.1-1 from Debian unstable (main)
+ Please merge vlc 1.0.1-1 from Debian unstable (main)
Changed in vlc (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.0.1-1ubuntu1

---------------
vlc (1.0.1-1ubuntu1) karmic; urgency=low

  * Merge from Debian unstable (LP: #406602, #407570), remaining changes:
    - build against xulrunner-dev instead of iceape-dev
    - build against libass-dev and libx264-dev
    - build against and install libx264 plugin
    - add Xb-Npp header to vlc package

vlc (1.0.1-1) unstable; urgency=low

  * New upstream bugfix version
    + Fix integer underflow in Real RTSP (DZC-2009-001, CVE pending)
    + Fix crashes in xspf files handler (LP: #365638)

  [ Reinhard Tartler ]
  * Add versioned build dependency on libschroedinger-dev

  [ Christophe Mutricy ]
  * Really build altivec-free libvlccore (Closes: #523035)
  * Depends on libdvbpsi5-dev and protect against future renaming of
    libdvbpsi development package
  * Remove patches applied upstream

 -- احمد المحمودي (Ahmed El-Mahmoudy) <email address hidden> Sat, 01 Aug 2009 05:54:24 +0300

Changed in vlc (Ubuntu):
status: Confirmed → Fix Released