* New bug-fixing upstream release (LP: #1025713).
* SECURITY UPDATE: Heap-based buffer overflow in the Ogg_DecodePacket function
in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before
2.0.2 allows remote attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a crafted OGG file.
- CVE-2012-3377
vlc (2.0.2-2) unstable; urgency=low
* Add missing epoch to libqt4-dev build dependency.
* Drop libggi2-dev from build dependencies (not needed any more).
(Closes: #680237)
* The dependency ttf-freefont was renamed to fonts-freefont-ttf.
vlc (2.0.2-1) unstable; urgency=medium
[ Edward Wang ]
* New upstream release (Closes: #679625, #664279, LP: #689122, #936488,
#942126, #971106, #972615, #973051, #987231, #995003, #998538).
- Fix Ogg Heap buffer overflow. Thanks to Hugo Beauzée-Luyssen
* Add the crystalhd plugin to the vlc distribution.
* libcaca_plugin.so now depends on X11 in this release, so it must
be installed under vlc (versus vlc-nox).
[ Reinhard Tartler ]
* Urgency set to medium because a security issue is fixed in this release
[ Benjamin Drung ]
* Add new plugins to vlc-nox:
- crystalhd (Linux amd64 and i386 only)
- directfb
- fbosd (Linux only)
- omxil (Linux only)
* Add build dependencies for new plugins.
* Add new symbols to libvlccore5.
* Switch to debhelper 8.
-- Benjamin Drung <email address hidden> Tue, 24 Jul 2012 00:44:39 +0200
This bug was fixed in the package vlc - 2.0.3-0ubuntu0. 12.04.1
--------------- 0ubuntu0. 12.04.1) precise-security; urgency=low
vlc (2.0.3-
* New bug-fixing upstream release (LP: #1025713). demux/ogg. c) in VideoLAN VLC media player before
* SECURITY UPDATE: Heap-based buffer overflow in the Ogg_DecodePacket function
in the OGG demuxer (modules/
2.0.2 allows remote attackers to cause a denial of service (application
crash) and possibly execute arbitrary code via a crafted OGG file.
- CVE-2012-3377
vlc (2.0.2-2) unstable; urgency=low
* Add missing epoch to libqt4-dev build dependency.
* Drop libggi2-dev from build dependencies (not needed any more).
(Closes: #680237)
* The dependency ttf-freefont was renamed to fonts-freefont-ttf.
vlc (2.0.2-1) unstable; urgency=medium
[ Edward Wang ]
* New upstream release (Closes: #679625, #664279, LP: #689122, #936488,
#942126, #971106, #972615, #973051, #987231, #995003, #998538).
- Fix Ogg Heap buffer overflow. Thanks to Hugo Beauzée-Luyssen
* Add the crystalhd plugin to the vlc distribution.
* libcaca_plugin.so now depends on X11 in this release, so it must
be installed under vlc (versus vlc-nox).
[ Reinhard Tartler ]
* Urgency set to medium because a security issue is fixed in this release
[ Benjamin Drung ]
* Add new plugins to vlc-nox:
- crystalhd (Linux amd64 and i386 only)
- directfb
- fbosd (Linux only)
- omxil (Linux only)
* Add build dependencies for new plugins.
* Add new symbols to libvlccore5.
* Switch to debhelper 8.
-- Benjamin Drung <email address hidden> Tue, 24 Jul 2012 00:44:39 +0200