lp:ubuntu/feisty-security/vlc
- Get this branch:
- bzr branch lp:ubuntu/feisty-security/vlc
Branch merges
Branch information
Recent revisions
- 26. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #207284)
+ debian/patches/ 031_CVE- 2008-1489. diff
- Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a crafted MP4 RDRF box that triggers a
heap-based buffer overflow.* References
+ http://www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= 2008-1489
+ http://trac.videolan. org/vlc/ changeset/ 09572892df7e72c 0d4e598c0b5e076 cf330d8b0a - 25. By Emanuele Gentili
-
* SECURITY UPDATE:
- debian/patches/ 031_CVE- 2008-0984. diff (LP: #195949)
+ VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
suffers from an arbitrary memory overwrite vulnerability when using
crash the player instance.* References
- http://cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2008- 0984
- http://www.videolan. org/security/ sa0802. html - 24. By Luke Yelavich
-
debian/control: Revert back to building against libwxgtk2.6-dev
(Closes LP: #91248) - 22. By Daniel T Chen
-
* debian/control:
- Adhere to DebianMaintainerField,
- Build against libwxgtk2.8-dev, Closes:
LP: #54548
LP: #84098
* debian/patches: Add 030_CVE-2007-0017. diff to quilt's series
- Reference: CVE-2007-0017 - 21. By Daniel T Chen
-
* New upstream release (0.8.6):
- Autostart in mozilla plugin reenabled (Closes Ubuntu: #67402),
- ffmpeg demux fixed (Closes Ubuntu: #69849),
- Segfault with SAP playlist announcement loading fixed
(Closes Ubuntu: #70664).
* debian/patches/ 020_notify. diff: Rediff. - 20. By Daniel T Chen
-
* Merge from Debian unstable, remaining Ubuntu changes:
- debian/control: Don't build-depend on libtwolame-dev, a newer
version of libcaca-dev, or linux-kernel-headers (Ubuntu Edgy
does not have them),
- debian/patches/ 001_1008snap. {fixes, translations} .diff: Remove,
this is a new upstream version, fixes FTBFS on translations,
- debian/rules: Use Ubuntu-specific configure options (firefox).
* New upstream snapshot fixes wxvlc not stopping when 'close
button' is clicked (Closes Ubuntu: #54630).
* New upstream snapshot has more robust x264 support
(Closes: Ubuntu #62217).
* Segfault when using HTTP interface was fixed in
0.8.6-svn20060918. debian- 1ubuntu4 (Closes Ubuntu: #63833).
* New upstream snapshot should resolve issues with skins2/wxw
interfaces (Closes: Ubuntu #64975). - 19. By Daniel T Chen
-
* Backport fixes from Debian's 10/08 snapshot, fixing heap smashing
with HTTP interface (Closes Ubuntu: #63833),
* Realign packaging with Debian's 10/08 snapshot, updating rules
and *.install,
* Correct previous changelog entry that erroneously marked Ubuntu
#62856 as resolved. - 18. By Daniel T Chen
-
Backport fixes from Debian's 0925 snapshot, fixing failure to
read rtsp streams from Freebox (Closes Ubuntu: #62856, #63135). - 17. By Daniel T Chen
-
debian/rules: Remove --enable-dmo --enable-loader from i386
$(vlc_confflags). With the dh_install -si --fail-missing
semantics, arch-specific exceptions aren't possible. Fixes
FTBFS on i386.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/vlc