Ubuntu

lp:ubuntu/hardy-security/vlc

Created by James Westby on 2009-07-14 and last modified on 2009-07-14
Get this branch:
bzr branch lp:ubuntu/hardy-security/vlc
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

43. By Marc Deslauriers on 2009-06-28

* SECURITY UPDATE: aribrary code execution via invalid cue image file.
  (LP: #294243)
  - debian/patches/042_CVE-2008-5032.diff: make sure we don't overflow
    p_sectors in modules/access/vcd/cdrom.c
  - CVE-2008-5032

42. By William Grant on 2008-09-21

* SECURITY UPDATE: multiple denials of service and arbitrary code execution
  vulnerabilities. (LP: #262705)
  - debian/patches/040_CVE-2008-3732.diff: Fix TTA integer handling. Fixes
    arbitrary code execution. Patch from upstream git.
  - debian/patches/041_CVE-2008-3794.diff: Fix MMS integer handling. Fixes
    arbitrary code execution. Patch from upstream git.
  - References:
    + http://www.videolan.org/security/sa0807.html
    + CVE-2008-3732
    + CVE-2008-3794

41. By William Grant on 2008-07-13

* SECURITY UPDATE: multiple denials of service, arbitrary code execution and
  arbitrary file overwriting vulnerabilities. (LP: #238873)
  - debian/patches/032_CVE-2007-6683.diff: Assume unsafe Mozilla variable
    settings. Fixes file overwriting. Patch from upstream git.
  - debian/patches/033_CVE-2008-0073.diff: Check that the RTSP stream ID
    isn't too large. Fixes arbitrary code execution. Patch from upstream git.
  - debian/patches/034_CVE-2008-1686.diff: Check that the Speex header mode
    is positive. Fixes arbitrary code execution. Patch from upstream git.
  - debian/patches/038_CVE-2008-1768.diff: Fix a buffer overflow in the MP4
    decoder, and an integer overflow in both the Cinepak and Real decoders.
    Patches from upstream git.
  - debian/patches/035_CVE-2008-1769.diff: Perform an appropriate boundary
    check on frames in Cinepak streams. Fixes denial of service. Patch from
    upstream git.
  - debian/patches/036_CVE-2008-1881.diff: Fix subtitle format strings.
    Properly fixes CVE-2007-6681, an arbitrary code execution vulnerability.
    Patch from upstream git.
  - debian/patches/037_CVE-2008-2147.diff: Only search for plugins in the
    normal path. Fixes arbitrary code execution. Patch from upstream git.
  - debian/patches/038_CVE-2008-2430.diff: Fix integer overflow in the WAV
    demuxer. Fixes arbitrary code execution. Path from upstream git.
  - References:
    + CVE-2007-6681
    + CVE-2007-6683
    + CVE-2008-0073
    + CVE-2008-1686
    + CVE-2008-1768
    + CVE-2008-1769
    + CVE-2008-1881
    + CVE-2008-2147
    + CVE-2008-2430

40. By Luke Yelavich on 2008-04-12

* debian/control: Make vlc-plugin-pulse a dependency of vlc, to enable pulseaudio
  by default. (LP: #208579)
* debian/patches/demuxer-fix.diff: Patch to fix FTBFS, thanks to Gentoo bug
  214809.

39. By Mario Limonciello on 2008-03-27

Add 031_CVE_2008_1489.diff from git head
to fix CVE-2008-1489. (LP: #207284)

38. By Mario Limonciello on 2008-03-25

[ Mario Limonciello ]
* New upstream version. (LP: #206918)
  - New versioning scheme to bring attention to the fact that
    faad and x264 are in the .orig.tar.gz.
  - Fixes 6 CVEs (LP: #196452)
    + CVE: 2007-6681
    + CVE: 2007-6682
    + CVE: 2007-6683
    + CVE: 2008-0295
    + CVE: 2008-0296
* Drop 021_CVE-2008-0984 as it's included upstream.
* debian/rules:
  - Adjust items touched for faad2 when building.
  - Apply all faad2 patches when building
* debian/control:
  - Add dpatch, libfaad-dev, and autotools-dev to build-depends to allow
    faad2 to build again.
  - Add automake, cvs, and libtool to build depends (now needed for building VLC)

[ Martin Hamrle ]
 * Add new package with pulse output plugin (LP: #196417)
   - debian/patches/030_pulse.diff:
     + patch from upstream trunk to support pulseaudio output
   - debian/rules:
     + enable pulseaudio
   - debian/control:
     + add dependencies to libpulse-dev
     + new package description
   - Creates a NEW binary package, requiring FFe (LP: #204050)

37. By Martin Hamrle on 2008-03-11

* Add new package with pulse output plugin (LP: #196417)
  - debian/patches/030_pulse.diff:
    + patch from upstream trunk to support pulseaudio output
  - debian/rules:
    + enable pulseaudio
  - debian/control:
    + add dependencies to libpulse-dev
    + new package description

36. By Andrew Starr-Bochicchio on 2008-03-18

[ Andrew Starr-Bochicchio (andrewsomething) ]
* Added Catalan, Spanish, and Polish translations to .desktop file in debian/. (LP: #199413)
 - Thanks to Siegfried Gevatter (RainCT) and Tomasz Dominikowski.

[ Siegfried-Angel Gevatter Pujals ]
* debian/vlc.desktop:
  - Update .desktop file to the current FD.o specifications.

35. By Stephan Adig on 2008-03-06

* debian/patches/022_no_cpu_consumption.diff: (LP: #104698)
  - Fix CPU consumption when fake-tty mode is enabled
    Thx to bma (No Real Name) for providing the patch

34. By Emanuele Gentili on 2008-02-27

[ Emanuele Gentili ]
* SECURITY UPDATE:
  - debian/patches/021_CVE-2008-0984.diff (LP: #195949)
   + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer) suffers
     from an arbitrary memory overwrite vulnerability when using crash the player
     instance.

* References
  - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0984
  - http://www.videolan.org/security/sa0802.html

[ Mario Limonciello ]
* debian/control:
  - Build debian on libxul-dev instead of firefox-dev
* debian/rules:
  - Use xulrunner-config rather than firefox-config (LP: #194907)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/vlc
This branch contains Public information 
Everyone can see this information.

Subscribers