[SRU] Update to bugfix release 3.0.7 in Bionic

Bug #1812480 reported by Mike Neac on 2019-01-19
This bug affects 2 people
Affects: vlc (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

[Impact]

VLC has received a bugfix update on the 3.0.x release path, which was recommended to us for additional stability in the Long Term Support release.

[Test Case]

Install vlc from bionic-proposed and test it for a decent amount of time. Play different video formats to catch any regressions, and use it as you normally would.

[Regression Potential]

The 3.0.x branch receives only bug fixes, which are cherry-picked from the master branch where the main development takes place. So, I think the regression potential is low.

[Other Info]

Here is the upstream Git repository: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=summary

We released the previous VLC bugfix release for this branch into Bionic in late July, see bug 1774067 for details. This was successful, and no regressions have been reported.

Upstream changelog:

Changes between 3.0.5 and 3.0.6:
--------------------------------

Core:
 * Fix potential subtitle picture allocation failures

Codec:
 * Add support for 12 bits decoding of AV1
 * Fix HDR support in AV1 when the container provides the metadata

Changes between 3.0.4 and 3.0.5:
--------------------------------

Access:
 * Improve RTSP playback
 * BluRay fixes and improvements, notably for menus and seeking
 * Improve the UDP/RTP truncated issue

Codec:
 * Add a new AV1 decoder based on dav1d library
 * Enable libaom decoder by default
 * Fix decoding of some HEVC streams with macOS hardware decoding

Demux:
 * MP4: Fix reading of some HDR metadata
 * Miscellaneous AV1 demuxing improvements
 * Fix CAF integer-underflow
 * Fix an MKV crash on iOS 12.0, on iPhone XS phones

Packetizer:
 * Add an AV1 packetizer

macOS:
 * Starting with VLC 3.0.5, VLC will be distributed with runtime hardening
   enabled on macOS Mojave.
   All external VLC plugins need to be signed by a DeveloperID certificate in order
   to continue working with the official VLC package.
 * Update the VLC dark UI to better match the dark mode of macOS Mojave
 * Fix convert & save panel stream option

Audio output:
 * Fix corking when the playback state is paused
 * Improve corking on Android

Video Output:
 * Fix Direct3D11 tone-mapping when HDR is displayed on an SDR screen
 * More accurate colors for SD sources in Direct3D11
 * Disable hardware decoding on some old Intel GPUs
 * Fix zero-copy GPU acceleration on AMD RX Vega
 * Misc Direct3D11 fixes

Miscellaneous:
 * Improve ChromeCast
 * Update numerous 3rd party libraries, including for minor security issues
 * Update Youtube support
 * Fix subtitles rendering with specific fonts with negative horizontal advance

Alex Murray (alexmurray) on 2019-01-22
information type: Private Security → Public

Sebastian Ramacher (s-ramacher) wrote :

> * Fix CAF integer-underflow

This change fixes CVE-2018-19857.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vlc (Ubuntu):
status: New → Confirmed

P.D. (paed808) wrote :

Please update VLC so I can stop using a third party PPA for the latest version.

Sebastian Ramacher (s-ramacher) wrote :

vlc 3.0.7 was released fixing another 20+ security issues. So please update to 3.0.7 instead.

P.D. (paed808) on 2019-06-13
summary: - [SRU] Update to bugfix release 3.0.6 in Bionic
+ [SRU] Update to bugfix release 3.0.7 in Bionic