lp:ubuntu/lucid-security/vlc
- Get this branch:
- bzr branch lp:ubuntu/lucid-security/vlc
Branch merges
Branch information
Recent revisions
- 79. By Benjamin Drung
-
* SECURITY UPDATE: Heap overflow in AVI demuxer (LP: #807488)
- debian/patches/ CVE-2011- 2588.patch: AVI: fix heap buffer overflow,
thanks to Rémi Denis-Courmont
- CVE-2011-2588
- VideoLAN-SA-1106 - 78. By Benjamin Drung
-
* SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
- debian/patches/ fix-xspf- integer- overflow. patch: Fix realloc() integer
overflow, thanks to Rémi Denis-Courmont
- CVE-2011-2194
- VideoLAN-SA-1104 - 77. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted width
- debian/patches/ CVE-2010- 327x.patch: limit video size to 8192x8192 in
src/video_output/ video_output. c.
- CVE-2010-3275
- CVE-2010-3276
* SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
- debian/patches/ CVE-2011- 1684.patch: fix buffer overflow in
modules/demux/mp4/ libmp4. c.
- CVE-2011-1684 - 76. By Benjamin Drung
-
* SECURITY UPDATE: memory corruption, code execution (LP: #714089)
- debian/patches/ mkv-input- validation. diff: Fix MKV improper input
validation, thanks to Steve Lhomme
- CVE-2011-0531
- VideoLAN-SA-1102 - 75. By Benjamin Drung
-
* SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154)
- debian/patches/ cdg-heap- overflow. diff: Fix heap overflow in CDG
decoder, thanks to Dan Rosenberg
* SECURITY UPDATE: heap corruption in some XML based subtitles decoder
- debian/patches/ xml-heap- corruption. diff: Handle early termination
properly in StripTags, thanks to Harry Sintonen - 74. By Benjamin Drung
-
* SECURITY UPDATE: Buffer overflow in Real demuxer (LP: #690173)
- modules/demux/real. c: Fix heap buffer overflow, thanks to Rémi
Denis-Courmont
- CVE-2010-3907
- VideoLAN-SA-1007 - 73. By Benjamin Drung
-
* SECURITY UPDATE: Insufficient input validation in VLC TagLib plugin
(LP: #616510).
- debian/patches/ CVE-2010- 2937.patch: fix NULL deferences after dynamic
cast, thanks to Lukáš Lalinský
- CVE-2010-2937 - 72. By Benjamin Drung
-
* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin
- add Xb-Npp header to vlc package
- Add patches 519-526 to fix FTBFS with xulruner-1.9.2 from upstream
- Add 600-drop-OJI-xul- 192.patch to drop OJI support as xulrunner-1.9.2 on
Linux doesn't support it
- Add apport hook to include more vlc dependencies in bug reports
- Drop --sourcedir=debian/ tmp from dh_install to install apport hook
* Drop 527-spanish-desktop. patch (merged upstream). - 71. By Benjamin Drung
-
* debian/
patches/ 527-spanish- desktop. patch: Add Spanish translation,
thanks Ricardo Pérez López (LP: #534312).
* Add apport hook to include more vlc dependencies in bug reports;
thanks to Brian Murray for it (LP: #538719).
* Drop --sourcedir=debian/ tmp from dh_install to install apport hook. - 70. By Micah Gersten
-
* Add patches to fix FTBFS with xulruner-1.9.2 from upstream (LP: #558981)
- add debian/patches/ 519-Typedef- changes- from-xulrunner- 1.9.1.patch
- add debian/patches/ 520-Don- t-hardcode- OJI-define- deprecated- xith-libxul- 1.9.patch
- add debian/patches/ 521-Untracked- API-change- utf8-to- UTF8.patch
- add debian/patches/ 522-Mozilla- do-not- hard-code- autoconf- file-descriptor s.patch
- add debian/patches/ 523-Require- xul-1.9. 2-explicitly. patch
- add debian/patches/ 524-Mozilla- More-fixes- for-XulRunner- 1.9.2.patch
- add debian/patches/ 525-Mozilla- more-fixes. patch
- add debian/patches/ 526-Mozilla- More-final- Win32-compile- fixes-for- XulRunner. patch
* Add patch to drop OJI support as xulrunner-1.9.2 on Linux doesn't support it
- add debian/patches/ 600-drop- OJI-xul- 192.patch
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/vlc