lp:ubuntu/dapper-security/vlc

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

16. By Emanuele Gentili on 2008-04-01

* SECURITY UPDATE: (LP: #207284)
 + debian/patches/031_CVE-2008-1489.dpatch
  - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
    remote attackers to cause a denial of service (crash) and possibly
    execute arbitrary code via a crafted MP4 RDRF box that triggers a
    heap-based buffer overflow.

* References
 + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
 + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

15. By Emanuele Gentili on 2008-02-27

* SECURITY UPDATE:
  - debian/patches/CVE-2008-0984.dpatch (LP: #195949)
   + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
     suffers from an arbitrary memory overwrite vulnerability when using
     crash the player instance.

* References
  - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
  - http://www.videolan.org/security/sa0802.html

14. By magilus on 2007-01-27

Fix format string vulnerability with patch taken from Debian BTS
MOAB-02-01-2007-CVE-2007-0017.dpatch, CVE-2007-0017. Closes Malone: #78610

13. By Daniel T Chen on 2006-05-23

"'Time to race', she said, 'Race the downhill'."

* Add debian/patches/24_prefs_stacking_fix, fixing stacking in
  Preferences dialog. Taken from upstream svn changeset 13795, thanks
  to Bruce Cowan (Closes: Malone #31891).
* Demote ttf-freefont, ttf-thryomanes to Suggests as the former
  provides bad metrics for Thai. See Debian #362071 for additional
  information.
* Don't use gcc-snapshot as the compiler. See Debian #361729 for more
  information.
* Make vlc.desktop HIG-compliant.
* Rebuild against new libebml-dev and libmatroska-dev, fixing crashes
  with Matroska files (Closes: Malone #29644).
* Use our own faad2 and x264, fixing garbled graphics (Closes: Malone
  #28539). Please see Debian #365389 if the inclusion of these
  libraries stirs your ire.

12. By Daniel T Chen on 2006-03-05

* Integrate updates from Debian:
  - Enable support for zeroconf/bonjour, musepack decoding, and VCD
    navigation (and adjust debian/{control,rules} accordingly, adding
    debian/patches/22_avahi_client_0.6_api).

11. By Oliver Grawert on 2006-02-28

* removed nonexistent xlibs-static-pic build dep to fix FTBFS
* changes UBUNTU_ENV from /usr/lib/mozilla-firefox/xpidl
  to /usr/lib/firefox/xpidl to fix FTBFS
* added 21_gnome-screensaver-support.dpatch to automagically
  disable screensavers while playing a movie

10. By Daniel T Chen on 2005-12-30

* debian/control: Replace mozilla-dev build dependency with
  firefox-dev. Change mozilla-plugin-vlc's Recommends appropriately.
  Fixes FTBFS due to mozilla-dev muck on [!amd64].
* debian/rules: Elide Ubuntu modifications into UBUNTU_ENV to pass
  to configure (MOZILLA_CONFIG=/usr/bin/firefox-config ,
  XPIDL=/usr/lib/mozilla-firefox/xpidl)

9. By Daniel T Chen on 2005-12-22

Rebuild for new dbus.

8. By Daniel T Chen on 2005-11-27

* Resynchronise with Debian:
  - Fix build dependency on GL headers.
  - Reintegrate patch for HAL 0.5 API in src/libvlc.c(Debian#332927),
    fixing FTBFS.
  - Fix broken mailcap entries in vlc.mime (Closes: Debian#340434,
    Debian#339570).
  - Make vlc depend on vlc-plugin-alsa (Closes: #3678, #4544).
  - Fix unicast streaming (Closes: #4444).

7. By Daniel T Chen on 2005-10-25

* New svn checkout to fix the Unicode issues once and for all that
  forced build-depending on libwxgtk2.4-dev in Breezy. Change _back_
  to build-depend on libwxgtk2.6-dev (Closes: #3179, #3505, #3559).
* Use hal patch from 0.8.4-svn20050920-3+hal0.
* debian/:
  + Major purge of unused dpatches.