Bug #795410 “VLC XSPF integer overflow” : Bugs : vlc package : Ubuntu

Rémi Denis-Courmont (rdenis) on 2011-06-10

visibility:

private → public

Rémi Denis-Courmont (rdenis) on 2011-06-11

Changed in vlc (Ubuntu):
status:	New → Confirmed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-06-11:

#1

This bug was fixed in the package vlc - 1.1.10-1ubuntu1

---------------
vlc (1.1.10-1ubuntu1) oneiric; urgency=low

* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin

vlc (1.1.10-1) unstable; urgency=high

  [ Benjamin Drung ]
  * New upstream release.
    - Security: Fix XSPF integer overflow (CVE-2011-2194) (LP: #795410)
    - Improve .desktop file:
      - Add smb as supported protocol (Closes: #622879, LP: #737192)
      - add video/webm to supported MIME formats (LP: #769463)
    - Fix libdvdread errors while playing ogg files (Closes: #622935)
    - Support three channels in pulseaudio output plugin (LP: 743478)
    - PulseAudio output re-written due to unstability of the current one
      (LP: #743323)
    - Fix crashes (LP: #754497, #785979)
    - Qt: allow drag and drop of any URL, not just a local file (LP: #664030)
    - Fix libvlcplugin.so: undefined symbol: NPP_Initialize (LP: #722690)
  * Refresh patches.
  * Drop as-needed patch due to autoreconf run.
  * Backport PulseAudio build fix.
  * Add GNOME MIME types for Ogg Vorbis and Ogg Theora (Closes: #629619).
  * Mention potcast support in package description (Closes: #488771).

  [ Reinhard Tartler ]
  * run autoreconf on the buildds
  * Weaken dependencies on libschroedinger
-- Benjamin Drung <email address hidden> Sat, 11 Jun 2011 19:56:27 +0200

Changed in vlc (Ubuntu):
status:	Confirmed → Fix Released

Revision history for this message

Benjamin Drung (bdrung) wrote on 2011-06-11:

#2

vlc_1.1.9-1ubuntu1.1.debdiff Edit (2.3 KiB, text/plain)

vlc (1.1.9-1ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
    - debian/patches/fix-xspf-integer-overflow.patch: Fix realloc() integer
      overflow, thanks to Rémi Denis-Courmont
    - CVE-2011-2194
    - VideoLAN-SA-1104

-- Benjamin Drung <email address hidden> Sat, 11 Jun 2011 21:03:49 +0200

Revision history for this message

Benjamin Drung (bdrung) wrote on 2011-06-11:

#3

vlc_1.1.4-1ubuntu1.6.debdiff Edit (2.1 KiB, text/plain)

Revision history for this message

Benjamin Drung (bdrung) wrote on 2011-06-11:

#4

vlc_1.0.6-1ubuntu1.7.debdiff Edit (1.7 KiB, text/plain)

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2011-06-12:

#5

ACK on the debdiffs. Uploading now, and will release when built. Thanks!

Changed in vlc (Ubuntu Lucid):
status:	New → Fix Committed
Changed in vlc (Ubuntu Maverick):
status:	New → Fix Committed
Changed in vlc (Ubuntu Natty):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-06-12:

#6

This bug was fixed in the package vlc - 1.1.9-1ubuntu1.1

---------------
vlc (1.1.9-1ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
    - debian/patches/fix-xspf-integer-overflow.patch: Fix realloc() integer
      overflow, thanks to Rémi Denis-Courmont
    - CVE-2011-2194
    - VideoLAN-SA-1104
-- Benjamin Drung <email address hidden> Sat, 11 Jun 2011 21:03:49 +0200

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-06-12:

#7

This bug was fixed in the package vlc - 1.1.4-1ubuntu1.6

---------------
vlc (1.1.4-1ubuntu1.6) maverick-security; urgency=low

  * SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
    - debian/patches/fix-xspf-integer-overflow.patch: Fix realloc() integer
      overflow, thanks to Rémi Denis-Courmont
    - CVE-2011-2194
    - VideoLAN-SA-1104
-- Benjamin Drung <email address hidden> Sat, 11 Jun 2011 21:17:55 +0200

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-06-12:

#8

This bug was fixed in the package vlc - 1.0.6-1ubuntu1.7

---------------
vlc (1.0.6-1ubuntu1.7) lucid-security; urgency=low

  * SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
    - debian/patches/fix-xspf-integer-overflow.patch: Fix realloc() integer
      overflow, thanks to Rémi Denis-Courmont
    - CVE-2011-2194
    - VideoLAN-SA-1104
-- Benjamin Drung <email address hidden> Sat, 11 Jun 2011 21:29:56 +0200

Changed in vlc (Ubuntu Lucid):
status:	Fix Committed → Fix Released
Changed in vlc (Ubuntu Maverick):
status:	Fix Committed → Fix Released
Changed in vlc (Ubuntu Natty):
status:	Fix Committed → Fix Released

Bug Watch Updater (bug-watch-updater) on 2012-11-06

Changed in vlc:
status:	Unknown → Fix Released

	Status	Importance	Assigned to
VLC media player	Fix Released	Unknown	vlc-trac-bugs #4869
vlc (Ubuntu)	Fix Released	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Fix Released	Undecided	Unassigned
Natty	Fix Released	Undecided	Unassigned

Ubuntu
vlc package

VLC XSPF integer overflow

Bug Description

Related branches

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntuvlc package

VLC XSPF integer overflow

Bug Description

Related branches

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
vlc package