Debian
vlc package

vlc 1.0.6 fixes security issues

Bug #568859 reported by Rémi Denis-Courmont
272
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Hardy Backports
Invalid
Undecided
Unassigned
Jaunty Jackalope Backports
Invalid
Undecided
Unassigned
Karmic Backports
Invalid
Undecided
Unassigned
VLC media player
Fix Released
Undecided
Unassigned
vlc (Debian)
Fix Released
Unknown
vlc (Ubuntu)
Fix Released
Undecided
Unassigned
Nominated for Karmic by Rémi Denis-Courmont

Bug Description

Binary package hint: vlc

VLC media player packages in all versions of Ubuntu suffer from known security vulnerabilities.
Please refer to upstream advisory for more infos: http://www.videolan.org/security/sa1003.html

Related branches

lp:debian/vlc

CVE References

Rémi Denis-Courmont (rdenis)
visibility: private → public
Changed in vlc:
status: New → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in vlc (Debian):
status: Unknown → New
Revision history for this message
Micah Gersten (micahg) wrote :

I'll can have the Ubuntu only upgrade ready for Lucid if Debian doesn't do this soon.

Revision history for this message
Benjamin Drung (bdrung) wrote :

I uploaded vlc 1.0.6-1ubuntu1 an hour ago.

Marc Deslauriers (mdeslaur)
Changed in vlc (Ubuntu):
status: New → Confirmed
Benjamin Drung (bdrung)
Changed in vlc (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.0.6-1ubuntu1

---------------
vlc (1.0.6-1ubuntu1) lucid; urgency=low

  * Merge from Debian unstable, remaining changes:
    - build and install the libx264 plugin
    - add Xb-Npp header to vlc package
    - Add patches 519-526 to fix FTBFS with xulruner-1.9.2 from upstream
    - Add 600-drop-OJI-xul-192.patch to drop OJI support as xulrunner-1.9.2 on
      Linux doesn't support it
    - Add apport hook to include more vlc dependencies in bug reports
    - Drop --sourcedir=debian/tmp from dh_install to install apport hook
  * Drop 527-spanish-desktop.patch (merged upstream).

vlc (1.0.6-1) unstable; urgency=low

  * New upstream version 1.0.6
    + VideoLAN-SA-1003
    + Closes: #578799
    + LP: #408719, #464715, #465560, #502637, #525278, #542943, #568859
  * RTMP access module has been removed (vlc-nox.install, NEWS.Debian)
  * Remove patches merged upstream
 -- Benjamin Drung <email address hidden> Fri, 23 Apr 2010 12:16:15 +0200

Changed in vlc (Ubuntu):
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in vlc (Debian):
status: New → Fix Released
Revision history for this message
Yury V. Zaytsev (zyv) wrote :

Jaunty EOLed not long ago, so marking as invalid.

Changed in jaunty-backports:
status: New → Invalid
Revision history for this message
Yury V. Zaytsev (zyv) wrote :

Hey! Actually I'd love to see it backported. For now I use hand-built 0.9.9a :(

Revision history for this message
Rolf Leggewie (r0lf) wrote :

karmic is no longer supported and receives no further updates

Changed in karmic-backports:
status: New → Invalid
Revision history for this message
Qwerty Chouskie (asdfghrbljzmkd) wrote :

Hardy no longer supported.

Changed in hardy-backports:
status: New → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.