Please update VLC (for security issues)

Bug #1186780 reported by Joe le Kiffeur
This bug affects 1 person
Affects        Status        Importance  Assigned to  Milestone
vlc (Ubuntu)   Fix Released  Undecided   Unassigned
Precise        Fix Released  Undecided   Unassigned
Quantal        Fix Released  Undecided   Unassigned
Raring         Fix Released  Undecided   Unassigned

Bug Description

VLC 2.0.6, 2.0.7, and 2.0.8 contain security fixes.

Revision history for this message
Joe le Kiffeur (joelekiffeur) wrote : Re: [Ubuntu 12.04] Please update VLC (security issues)

VLC is not updated. The last version is 2.0.6, and it fixes security issues and other bugs.
The priority is high (or critical).

summary: - [Ubuntu 12.04] Please update (security issues)
+ [Ubuntu 12.04] Please update VLC (security issues)
summary: - [Ubuntu 12.04] Please update VLC (security issues)
+ [Ubuntu 12.04] Please update VLC (for security issues)
tags: added: issues security vlc
Benjamin Drung (bdrung)
summary: - [Ubuntu 12.04] Please update VLC (for security issues)
+ Please update VLC (for security issues)
Benjamin Drung (bdrung)
description: updated
Revision history for this message
Benjamin Drung (bdrung) wrote :

I have uploaded vlc 2.0.8-1 to Debian unstable and will sync it.

Changed in vlc (Ubuntu):
status: New → Fix Committed
Revision history for this message
Benjamin Drung (bdrung) wrote :

I have prepared 2.0.8 for precise-security, quantal-security, and raring-security. You can get the source package by grabbing the .orig.tar.xz tarball from unstable/saucy and running:

git clone -b precise git://git.debian.org/git/pkg-multimedia/vlc.git
cd vlc
git-buildpackage -S

The quantal/raring package can be retrieved by checking out the quantal/raring branch instead of the precise branch.

All source packages build cleanly with pbuilder. I have verified that the raring package installs and runs without issues.

Benjamin Drung (bdrung)
Changed in vlc (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 2.0.8-0ubuntu0.12.04.1

---------------
vlc (2.0.8-0ubuntu0.12.04.1) precise-security; urgency=low

  * New bug-fixing upstream release (LP: #1186780).
  * SECURITY UPDATE: Denial of service (crash) and possibly execute arbitrary
    code via a crafted MKV file (disputed).
    - Improve resistance and checking against malformed MKV files.
    - CVE-2013-3245
  * SECURITY UPDATE: Two xss vulnerabilities.
    - CVE-2013-3565
  * SECURITY UPDATE: Buffer Overflow in ASF Demuxer.
    - CVE-2013-1954
    - VideoLAN-SA-1302
 -- Benjamin Drung <email address hidden> Thu, 01 Aug 2013 14:25:34 +0200

Changed in vlc (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 2.0.8-0ubuntu0.12.10.1

---------------
vlc (2.0.8-0ubuntu0.12.10.1) quantal-security; urgency=low

  * New bug-fixing upstream release (LP: #1186780).
  * SECURITY UPDATE: Denial of service (crash) and possibly execute arbitrary
    code via a crafted MKV file (disputed).
    - Improve resistance and checking against malformed MKV files.
    - CVE-2013-3245
  * SECURITY UPDATE: Two xss vulnerabilities.
    - CVE-2013-3565
  * SECURITY UPDATE: Buffer Overflow in ASF Demuxer.
    - CVE-2013-1954
    - VideoLAN-SA-1302
 -- Benjamin Drung <email address hidden> Thu, 01 Aug 2013 14:41:36 +0200

Changed in vlc (Ubuntu Quantal):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 2.0.8-0ubuntu0.13.04.1

---------------
vlc (2.0.8-0ubuntu0.13.04.1) raring-security; urgency=low

  * New bug-fixing upstream release (LP: #1186780).
  * SECURITY UPDATE: Denial of service (crash) and possibly execute arbitrary
    code via a crafted MKV file (disputed).
    - Improve resistance and checking against malformed MKV files.
    - CVE-2013-3245
  * SECURITY UPDATE: Two xss vulnerabilities.
    - CVE-2013-3565
 -- Benjamin Drung <email address hidden> Thu, 01 Aug 2013 14:47:07 +0200

Changed in vlc (Ubuntu Raring):
status: New → Fix Released
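
Added example, not part of the original bug report or of any Launchpad or Debian tooling: a small parser that reads Debian-changelog stanzas like the three above and reports which CVE ids each security upload cites, and which ids are cited for one pocket but not for another. The function names and the trimmed sample text are assumptions made for this illustration.

```python
import re

# Stanzas copied from the Launchpad Janitor comments above, trimmed to the
# header, bullet and CVE lines. The quantal stanza is omitted here because it
# lists the same CVE ids as the precise one.
CHANGELOG = """\
vlc (2.0.8-0ubuntu0.12.04.1) precise-security; urgency=low

  * SECURITY UPDATE: Denial of service (crash) via a crafted MKV file (disputed).
    - CVE-2013-3245
  * SECURITY UPDATE: Two xss vulnerabilities.
    - CVE-2013-3565
  * SECURITY UPDATE: Buffer Overflow in ASF Demuxer.
    - CVE-2013-1954

vlc (2.0.8-0ubuntu0.13.04.1) raring-security; urgency=low

  * SECURITY UPDATE: Denial of service (crash) via a crafted MKV file (disputed).
    - CVE-2013-3245
  * SECURITY UPDATE: Two xss vulnerabilities.
    - CVE-2013-3565
"""

# Stanza header: "package (version) distribution; urgency=..."
HEADER = re.compile(r"^(\S+) \(([^)]+)\) ([^;]+);")
CVE_ID = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

def cves_by_upload(text):
    """Map (distribution, version) -> sorted CVE ids cited in that stanza."""
    table, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(3).strip(), m.group(2))
            table[current] = set()
        elif current and line.startswith("  "):  # change lines are indented
            table[current].update(CVE_ID.findall(line))
    return {key: sorted(ids) for key, ids in table.items()}

def missing_from(text, dist):
    """CVE ids cited by some stanza in `text` but by none for `dist`."""
    table = cves_by_upload(text)
    cited = set().union(*table.values())
    listed = {c for (d, _), ids in table.items() if d == dist for c in ids}
    return sorted(cited - listed)
```

An id reported by `missing_from` only means that the changelog for that upload does not cite it; treat it as a prompt to check the package, not as proof that a fix is absent.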
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Great, thanks Benjamin!
