[packages/vlc] - updated to 3.0.8, solves: - buffer overflow in the MKV demuxer (CVE-2019-14970) - read buffer
adamg
adamg at pld-linux.org
Thu Aug 22 19:09:53 CEST 2019
commit c62471d7c6a3e680074830ecd8eee60d53b75fc9
Author: Adam Gołębiowski <adamg at pld-linux.org>
Date: Thu Aug 22 19:08:04 2019 +0200
- updated to 3.0.8, solves:
- buffer overflow in the MKV demuxer (CVE-2019-14970)
- read buffer overflow in the avcodec decoder (CVE-2019-13962)
- read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
- read buffer overflow in the ASF demuxer (CVE-2019-14776)
- use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- use after free in the ASF demuxer (CVE-2019-14533)
- couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
- null dereference in the ASF demuxer (CVE-2019-14534)
- division by zero in the CAF demuxer (CVE-2019-14498)
- division by zero in the ASF demuxer (CVE-2019-14535)
vlc.spec | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/vlc.spec b/vlc.spec
index 7b14877..e67436a 100644
--- a/vlc.spec
+++ b/vlc.spec
@@ -68,12 +68,12 @@
Summary: VLC - a multimedia player and stream server
Summary(pl.UTF-8): VLC - odtwarzacz multimedialny oraz serwer strumieni
Name: vlc
-Version: 3.0.7.1
+Version: 3.0.8
Release: 1
License: GPL v2+
Group: X11/Applications/Multimedia
Source0: http://download.videolan.org/pub/videolan/vlc/%{version}/%{name}-%{version}.tar.xz
-# Source0-md5: 1adf2fe21070378b0e45ad163d3b232d
+# Source0-md5: 744442ec0c145453ea1d257914c8072e
Patch0: %{name}-buildflags.patch
Patch1: %{name}-tremor.patch
Patch2: %{name}-mpc.patch
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/vlc.git/commitdiff/c62471d7c6a3e680074830ecd8eee60d53b75fc9
More information about the pld-cvs-commit
mailing list