Activity log for bug #1693893

| Date | Who | What changed | Old value | New value | Message |
| --- | --- | --- | --- | --- | --- |
| 2017-05-26 18:14:35 | pcworld | bug | | | added bug |
| 2017-05-26 18:14:45 | pcworld | information type | Private Security | Public Security | |
| 2017-05-26 23:52:59 | Seth Arnold | vlc (Ubuntu): status | New | Incomplete | |
| 2017-05-27 00:04:39 | pcworld | cve linked | | 2017-8310 | |
| 2017-05-27 00:04:44 | pcworld | cve linked | | 2017-8311 | |
| 2017-05-27 00:04:47 | pcworld | cve linked | | 2017-8312 | |
| 2017-05-27 00:04:52 | pcworld | cve linked | | 2017-8313 | |
| 2017-07-07 10:46:32 | Simon Quigley | cve unlinked | 2017-8310 | | |
| 2017-07-07 11:07:11 | Simon Quigley | vlc (Ubuntu): status | Incomplete | In Progress | |
| 2017-07-07 11:07:14 | Simon Quigley | vlc (Ubuntu): assignee | | Simon Quigley (tsimonq2) | |
| 2017-07-07 11:11:01 | Simon Quigley | cve linked | | 2016-5108 | |
| 2017-07-07 11:15:20 | Marc Deslauriers | nominated for series | | Ubuntu Zesty | |
| 2017-07-07 11:15:20 | Marc Deslauriers | bug task added | | vlc (Ubuntu Zesty) | |
| 2017-07-07 11:15:20 | Marc Deslauriers | nominated for series | | Ubuntu Xenial | |
| 2017-07-07 11:15:20 | Marc Deslauriers | bug task added | | vlc (Ubuntu Xenial) | |
| 2017-07-07 11:17:46 | Simon Quigley | vlc (Ubuntu Xenial): assignee | | Simon Quigley (tsimonq2) | |
| 2017-07-07 11:17:48 | Simon Quigley | vlc (Ubuntu Zesty): assignee | | Simon Quigley (tsimonq2) | |
| 2017-07-07 11:17:53 | Simon Quigley | vlc (Ubuntu Xenial): status | New | In Progress | |
| 2017-07-07 11:17:55 | Simon Quigley | vlc (Ubuntu Zesty): status | New | In Progress | |
| 2017-07-07 11:18:23 | Marc Deslauriers | nominated for series | | Ubuntu Artful | |
| 2017-07-07 11:18:23 | Marc Deslauriers | bug task added | | vlc (Ubuntu Artful) | |
| 2017-07-07 11:22:35 | Simon Quigley | cve linked | | 2017-10699 | |
| 2017-07-07 11:50:53 | Simon Quigley | cve linked | | 2017-8310 | |
| 2017-07-10 03:03:43 | Simon Quigley | attachment added | | 2.2.12-10ubuntu1.patch https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4911981/+files/2.2.12-10ubuntu1.patch | |
| 2017-07-10 03:04:42 | Simon Quigley | attachment added | | 1-2.2.2-5ubuntu0.16.04.3.debdiff https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4911982/+files/1-2.2.2-5ubuntu0.16.04.3.debdiff | |
| 2017-07-10 03:04:56 | Simon Quigley | attachment removed | 2.2.12-10ubuntu1.patch https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4911981/+files/2.2.12-10ubuntu1.patch | | |
| 2017-07-10 03:05:25 | Simon Quigley | bug | | | added subscriber Simon Quigley |
| 2017-07-10 03:08:20 | Simon Quigley | description | VLC 2.2.5.1 fixes buffer overflow and out of bound read bugs related to subtitle decoding. A company called "Check Point" appears to have reported them, but they did not release any details. [1] At least the following 5 commits relate to these bugs: [2] Presumably all currently supported Ubuntu releases are affected by at least one bug fixed by the patches. By the way, there seem to be other security related commits in VLC that might need backporting, e.g. [3] [4] [1]: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ [2]: https://github.com/videolan/vlc/search?q=checkpoint&type=Commits&utf8=%E2%9C%93 [3]: https://github.com/videolan/vlc/search?o=desc&p=1&q=overflow&s=committer-date&type=Commits&utf8=%E2%9C%93 [4]: https://github.com/videolan/vlc/search?o=desc&q=out+of+bound&s=committer-date&type=Commits&utf8=%E2%9C%93 | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 | |
| 2017-07-10 03:09:13 | Simon Quigley | summary | Possible remote code execution related to subtitles | Fix out-of-bounds read, potential heap buffer overflow, and other CVEs | |
| 2017-07-10 03:09:27 | Simon Quigley | bug | | | added subscriber Ubuntu Security Sponsors Team |
| 2017-07-10 03:32:15 | Simon Quigley | description | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Zesty: - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Already upstreamed: - 2016-5108 | |
| 2017-07-10 06:20:50 | Simon Quigley | attachment added | | 1-2.2.4-14ubuntu2.1.debdiff https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4912037/+files/1-2.2.4-14ubuntu2.1.debdiff | |
| 2017-07-10 06:22:50 | Simon Quigley | attachment removed | 1-2.2.4-14ubuntu2.1.debdiff https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4912037/+files/1-2.2.4-14ubuntu2.1.debdiff | | |
| 2017-07-10 06:23:09 | Simon Quigley | attachment added | | 1-2.2.4-14ubuntu2.1.debdiff https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4912038/+files/1-2.2.4-14ubuntu2.1.debdiff | |
| 2017-07-10 09:49:03 | Simon Quigley | attachment added | | 1-2.2.6-2ubuntu1.debdiff https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4912130/+files/1-2.2.6-2ubuntu1.debdiff | |
| 2017-07-10 09:50:15 | Simon Quigley | description | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Zesty: - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Already upstreamed: - 2016-5108 | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Zesty: - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Already upstreamed: - 2016-5108 - Artful: - 2017-10699 - Already upstreamed: - 2016-5108 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 | |
| 2017-07-10 09:50:46 | Simon Quigley | description | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Zesty: - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Already upstreamed: - 2016-5108 - Artful: - 2017-10699 - Already upstreamed: - 2016-5108 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Zesty: - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Already fixed in the package: - 2016-5108 - Artful: - 2017-10699 - Already fixed in the package: - 2016-5108 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 | |
| 2017-07-10 10:01:06 | Graham Inggs | nominated for series | | Ubuntu Trusty | |
| 2017-07-10 10:01:06 | Graham Inggs | bug task added | | vlc (Ubuntu Trusty) | |
| 2017-07-10 10:02:39 | Simon Quigley | vlc (Ubuntu Trusty): status | New | In Progress | |
| 2017-07-10 10:02:41 | Simon Quigley | vlc (Ubuntu Trusty): assignee | | Simon Quigley (tsimonq2) | |
| 2017-07-10 23:40:43 | Launchpad Janitor | vlc (Ubuntu Xenial): status | In Progress | Fix Released | |
| 2017-07-10 23:50:47 | Launchpad Janitor | vlc (Ubuntu Zesty): status | In Progress | Fix Released | |
| 2017-07-11 00:19:23 | Launchpad Janitor | vlc (Ubuntu Artful): status | In Progress | Fix Released | |
| 2017-07-11 04:03:25 | Simon Quigley | description | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Zesty: - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Already fixed in the package: - 2016-5108 - Artful: - 2017-10699 - Already fixed in the package: - 2016-5108 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 | This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Trusty: - 2016-5108 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Not applicable to this version: - 2017-10699 - Xenial: - 2016-5108 - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Zesty: - 2017-10699 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 - Already fixed in the package: - 2016-5108 - Artful: - 2017-10699 - Already fixed in the package: - 2016-5108 - 2017-8310 - 2017-8311 - 2017-8312 - 2017-8313 | |
| 2017-07-11 04:06:00 | Simon Quigley | attachment added | | 1-2.1.6-0ubuntu14.04.3.debdiff https://bugs.launchpad.net/ubuntu/trusty/+source/vlc/+bug/1693893/+attachment/4912565/+files/1-2.1.6-0ubuntu14.04.3.debdiff | |
| 2017-07-12 15:38:01 | Launchpad Janitor | vlc (Ubuntu Trusty): status | In Progress | Fix Released | |