[SRU] Update to bugfix release 3.0.8 in Bionic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vlc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
VLC has received a bugfix update on the 3.0.x release path, which was recommended to us for additional stability in the Long Term Support release.
[Test Case]
Install vlc from bionic-proposed and test it for a decent amount of time. Play different video formats to catch any regressions, and use it as you normally would.
[Regression Potential]
The 3.0.x branch receives only bug fixes, which are cherry-picked from the master branch where the main development takes place. So, I think the regression potential is low.
[Other Info]
Here is the upstream Git repository: http://
Upstream changelog:
Changes between 3.0.7.1 and 3.0.8:
-------
Core:
* Fix stuttering for low framerate videos
Demux:
* Fix channel ordering in some MP4 files
* Fix glitches in TS over HLS
* Add real probing of HLS streams
* Fix HLS MIME type fallback
Decoder:
* Fix WebVTT subtitles rendering
Stream filter:
* Improve network buffering
Misc:
* Update Youtube script
Audio Output:
* macOS/iOS: Fix stuttering or blank audio when starting or seeking when using external audio devices (bluetooth for example)
* macOS: Fix AV synchronization when using external audio devices
Video Output:
* Direct3D11: Fix hardware acceleration for some AMD drivers
Stream output:
* Fix transcoding when the decoder does not set the chroma
Security:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
Contribs:
* Update to a newer libmodplug version (0.8.9.0)
CVE References
information type: | Private Security → Public |
summary: |
- [SRU] Update to bugfix release 3.0.6 in Bionic + [SRU] Update to bugfix release 3.0.7 in Bionic |
information type: | Public → Public Security |
summary: |
- [SRU] Update to bugfix release 3.0.7 in Bionic + [SRU] Update to bugfix release 3.0.8 in Bionic |
description: | updated |
tags: |
added: bionic removed: cve-2018-19857 |
Changed in vlc (Ubuntu): | |
status: | Confirmed → Fix Released |
> * Fix CAF integer-underflow
This change fixes CVE-2018-19857.