lp:ubuntu/lucid-security/vlc

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/vlc

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

79. By Benjamin Drung

* SECURITY UPDATE: Heap overflow in AVI demuxer (LP: #807488)
  - debian/patches/CVE-2011-2588.patch: AVI: fix heap buffer overflow,
    thanks to Rémi Denis-Courmont
  - CVE-2011-2588
  - VideoLAN-SA-1106

78. By Benjamin Drung

* SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
  - debian/patches/fix-xspf-integer-overflow.patch: Fix realloc() integer
    overflow, thanks to Rémi Denis-Courmont
  - CVE-2011-2194
  - VideoLAN-SA-1104

77. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via crafted width
  - debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
    src/video_output/video_output.c.
  - CVE-2010-3275
  - CVE-2010-3276
* SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
  - debian/patches/CVE-2011-1684.patch: fix buffer overflow in
    modules/demux/mp4/libmp4.c.
  - CVE-2011-1684

76. By Benjamin Drung

* SECURITY UPDATE: memory corruption, code execution (LP: #714089)
  - debian/patches/mkv-input-validation.diff: Fix MKV improper input
    validation, thanks to Steve Lhomme
  - CVE-2011-0531
  - VideoLAN-SA-1102

75. By Benjamin Drung

* SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154)
  - debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG
    decoder, thanks to Dan Rosenberg
* SECURITY UPDATE: heap corruption in some XML based subtitles decoder
  - debian/patches/xml-heap-corruption.diff: Handle early termination
    properly in StripTags, thanks to Harry Sintonen

74. By Benjamin Drung

* SECURITY UPDATE: Buffer overflow in Real demuxer (LP: #690173)
  - modules/demux/real.c: Fix heap buffer overflow, thanks to Rémi
    Denis-Courmont
  - CVE-2010-3907
  - VideoLAN-SA-1007

73. By Benjamin Drung

* SECURITY UPDATE: Insufficient input validation in VLC TagLib plugin
  (LP: #616510).
  - debian/patches/CVE-2010-2937.patch: fix NULL dereferences after dynamic
    cast, thanks to Lukáš Lalinský
  - CVE-2010-2937

72. By Benjamin Drung

* Merge from Debian unstable, remaining changes:
  - build and install the libx264 plugin
  - add Xb-Npp header to vlc package
  - Add patches 519-526 to fix FTBFS with xulrunner-1.9.2 from upstream
  - Add 600-drop-OJI-xul-192.patch to drop OJI support as xulrunner-1.9.2 on
    Linux doesn't support it
  - Add apport hook to include more vlc dependencies in bug reports
  - Drop --sourcedir=debian/tmp from dh_install to install apport hook
* Drop 527-spanish-desktop.patch (merged upstream).

71. By Benjamin Drung

* debian/patches/527-spanish-desktop.patch: Add Spanish translation,
  thanks Ricardo Pérez López (LP: #534312).
* Add apport hook to include more vlc dependencies in bug reports;
  thanks to Brian Murray for it (LP: #538719).
* Drop --sourcedir=debian/tmp from dh_install to install apport hook.

70. By Micah Gersten

* Add patches to fix FTBFS with xulrunner-1.9.2 from upstream (LP: #558981)
  - add debian/patches/519-Typedef-changes-from-xulrunner-1.9.1.patch
  - add debian/patches/520-Don-t-hardcode-OJI-define-deprecated-xith-libxul-1.9.patch
  - add debian/patches/521-Untracked-API-change-utf8-to-UTF8.patch
  - add debian/patches/522-Mozilla-do-not-hard-code-autoconf-file-descriptors.patch
  - add debian/patches/523-Require-xul-1.9.2-explicitly.patch
  - add debian/patches/524-Mozilla-More-fixes-for-XulRunner-1.9.2.patch
  - add debian/patches/525-Mozilla-more-fixes.patch
  - add debian/patches/526-Mozilla-More-final-Win32-compile-fixes-for-XulRunner.patch
* Add patch to drop OJI support as xulrunner-1.9.2 on Linux doesn't support it
  - add debian/patches/600-drop-OJI-xul-192.patch

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/vlc