Ubuntu
vlc package

Please merge vlc 1.1.9-1 (universe) from Debian unstable (main).

Bug #760510 reported by Benjamin Drung on 2011-04-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	vlc (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: vlc

Please merge vlc 1.1.9-1 (universe) from Debian unstable (main). It fixes the security bug #756368.

Changes since 1.1.8-2ubuntu1:

vlc (1.1.9-1ubuntu1) natty; urgency=low

* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin

-- Benjamin Drung <email address hidden> Thu, 14 Apr 2011 11:51:25 +0200

vlc (1.1.9-1) unstable; urgency=medium

  * New upstream release.
    - Fix heap corruption in MP4 demuxer (LP: #756368).
    - Fix fullscreen controller has no background in KDE4 (LP: #661020).
  * Refresh patches and drop backported VideoLAN-SA-1103.patch.
  * Adjust the vlc lintian-overrides for the latest lintian version.

-- Benjamin Drung <email address hidden> Thu, 14 Apr 2011 11:18:57 +0200

vlc (1.1.8-3) unstable; urgency=medium

  * Fix heap corruption in MP4 demuxer
    - VideoLAN-SA-1103
    - Thanks to Rémi Denis-Courmont
  * Set urgency to medium
  * Set policy to 3.9.2 (no change needed)

-- Christophe Mutricy <email address hidden> Mon, 11 Apr 2011 22:12:15 +0100

Related branches

lp:ubuntu/natty/vlc

Revision history for this message

Benjamin Drung (bdrung) wrote on 2011-04-14:

vlc_1.1.9-1ubuntu1.debdiff Edit (26.6 KiB, text/plain)

Revision history for this message

Benjamin Drung (bdrung) wrote on 2011-04-14:

This is from NEWS (there is no upstream changelog file):

Changes between 1.1.8 and 1.1.9:
--------------------------------

Windows and Mac OS X:
* Update of external library modplug, to address a security issue

Demuxers:
* mp4: Fix heap-based buffer overflow (VideoLAN-SA-1103)

Mac OS X Interface:
* Miscellaneous interface look adjustments
* Improve Apple Remote handling
* Fixe bugs in the Streaming / Transcoding wizard
* Layout fixes in the Preferences and Controls windows
* Fix incomplete list of hotkeys in the Preferences dialog
* Fix quitting through Apple Events (Dock menu, App Switcher, AppleScript, etc.)

Mac OS X Port:
* Fix Growl local notification plugin
* VLC bundle now includes the Growl framework
* Fixes for eyeTV

Translations:
* Updates of Lithuanian, Estonian, Chinese, Japanese, Bengali, Dutch, Polish,
German, Galician, Traditional Chinese translations
* New Luganda Translation

Revision history for this message

Martin Pitt (pitti) wrote on 2011-04-14:

Thanks, good catch. Most of the changes don't affect Linux, so this seems fine, and isn't an FFE, just a security fix. Subscribing -archive.

Changed in vlc (Ubuntu):
status:	New → Confirmed
summary:	- [FFe] Please merge vlc 1.1.9-1 (universe) from Debian unstable (main). + Please merge vlc 1.1.9-1 (universe) from Debian unstable (main).

Revision history for this message

Benjamin Drung (bdrung) wrote on 2011-04-14:

vlc_1.1.9-1ubuntu1_amd64.build Edit (3.1 MiB, text/plain)

pbuilder build log

Revision history for this message

Martin Pitt (pitti) wrote on 2011-04-14:

Erm, unsubscribing -archive, this isn't a sync, but an upload. Please go ahead.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-14:

This bug was fixed in the package vlc - 1.1.9-1ubuntu1

---------------
vlc (1.1.9-1ubuntu1) natty; urgency=low

* Merge from Debian unstable (LP: #760510), remaining changes:
- build and install the libx264 plugin

vlc (1.1.9-1) unstable; urgency=medium

vlc (1.1.8-3) unstable; urgency=medium

  * Fix heap corruption in MP4 demuxer
    - VideoLAN-SA-1103
    - Thanks to Rémi Denis-Courmont
  * Set urgency to medium
  * Set policy to 3.9.2 (no change needed)
-- Benjamin Drung <email address hidden> Thu, 14 Apr 2011 11:51:25 +0200