Ubuntu
libvdpau package

Sync libvdpau 1.1.1-3 (main) from Debian sid (main)

Bug #1512274 reported by Oibaf
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvdpau (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Please sync libvdpau 1.1.1-3 (main) from Debian sid (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: privilege escalation when used in setuid or setgid
    applications
    - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
      against directory traversal in configure.ac, src/Makefile.am,
      src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
      trace/vdpau_trace.cpp.
    - CVE-2015-5198
    - CVE-2015-5199
    - CVE-2015-5200
  * SECURITY UPDATE: privilege escalation when used in setuid or setgid
    applications
    - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
      against directory traversal in configure.ac, src/Makefile.am,
      src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
      trace/vdpau_trace.cpp.
    - CVE-2015-5198
    - CVE-2015-5199
    - CVE-2015-5200

Debian package already include everything in the Ubuntu package.

Changelog entries since current xenial version 1.1-1ubuntu1:

libvdpau (1.1.1-3) unstable; urgency=medium

  [ Luca Boccassi ]
  * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625)
  * Upload to unstable.

 -- Andreas Beckmann <email address hidden> Thu, 29 Oct 2015 00:47:28 +0100

libvdpau (1.1.1-2) experimental; urgency=medium

  * Add vdpau-driver-all driver metapackage. (Closes: #800657)
  * libvdpau1: Recommends: vdpau-driver-all | vdpau-driver.
  * Upload to experimental.

 -- Andreas Beckmann <email address hidden> Thu, 08 Oct 2015 10:15:00 +0200

libvdpau (1.1.1-1) unstable; urgency=medium

  [ Andreas Beckmann ]
  * simplify d/rules

  [ Luca Boccassi ]
  * New upstream release.
    - Use secure_getenv(3) to improve security
      (CVE-2015-5198, CVE-2015-5199, CVE-2015-5200). Closes: #797895.
  * Do not check for pdftex, removed upstream
  * Add myself to Uploaders
  * Refresh dlopen-path patch, upstream changes
  * Refresh patch module-searchpath, upstream changes

 -- Luca Boccassi <email address hidden> Thu, 03 Sep 2015 23:31:59 +0100

CVE References

Revision history for this message
Logan Rosen (logan) wrote :

The new vdpau-driver-all package depends on libvdpau-va-gl1, which is in universe.

Changed in libvdpau (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Revision history for this message
Martin Pitt (pitti) wrote :

This bug was fixed in the package libvdpau - 1.1.1-3
Sponsored for Oibaf (oibaf)

---------------
libvdpau (1.1.1-3) unstable; urgency=medium

  [ Luca Boccassi ]
  * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625)
  * Upload to unstable.

 -- Andreas Beckmann <email address hidden> Thu, 29 Oct 2015 00:47:28 +0100

libvdpau (1.1.1-2) experimental; urgency=medium

  * Add vdpau-driver-all driver metapackage. (Closes: #800657)
  * libvdpau1: Recommends: vdpau-driver-all | vdpau-driver.
  * Upload to experimental.

 -- Andreas Beckmann <email address hidden> Thu, 08 Oct 2015 10:15:00 +0200

libvdpau (1.1.1-1) unstable; urgency=medium

  [ Andreas Beckmann ]
  * simplify d/rules

  [ Luca Boccassi ]
  * New upstream release.
    - Use secure_getenv(3) to improve security
      (CVE-2015-5198, CVE-2015-5199, CVE-2015-5200). Closes: #797895.
  * Do not check for pdftex, removed upstream
  * Add myself to Uploaders
  * Refresh dlopen-path patch, upstream changes
  * Refresh patch module-searchpath, upstream changes

 -- Luca Boccassi <email address hidden> Thu, 03 Sep 2015 23:31:59 +0100

Changed in libvdpau (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.