[SRU] Update to bugfix release 3.0.8 in Bionic
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| vlc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
[Impact]
VLC has received a bugfix update on the 3.0.x release path, which was recommended to us for additional stability in the Long Term Support release.
[Test Case]
Install vlc from bionic-proposed and test it for a decent amount of time. Play different video formats to catch any regressions, and use it as you normally would.
[Regression Potential]
The 3.0.x branch receives only bug fixes, which are cherry-picked from the master branch where the main development takes place. So, I think the regression potential is low.
[Other Info]
Here is the upstream Git repository: http://
Upstream changelog:
Changes between 3.0.7.1 and 3.0.8:
-------
Core:
* Fix stuttering for low framerate videos
Demux:
* Fix channel ordering in some MP4 files
* Fix glitches in TS over HLS
* Add real probing of HLS streams
* Fix HLS MIME type fallback
Decoder:
* Fix WebVTT subtitles rendering
Stream filter:
* Improve network buffering
Misc:
* Update Youtube script
Audio Output:
* macOS/iOS: Fix stuttering or blank audio when starting or seeking when using external audio devices (bluetooth for example)
* macOS: Fix AV synchronization when using external audio devices
Video Output:
* Direct3D11: Fix hardware acceleration for some AMD drivers
Stream output:
* Fix transcoding when the decoder does not set the chroma
Security:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
Contribs:
* Update to a newer libmodplug version (0.8.9.0)
CVE References
| information type: | Private Security → Public |
| Sebastian Ramacher (s-ramacher) wrote | #1 |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in vlc (Ubuntu): | |
| status: | New → Confirmed |
| P.D. (paed808) wrote | #3 |
| Sebastian Ramacher (s-ramacher) wrote | #4 |
| summary: |
- [SRU] Update to bugfix release 3.0.6 in Bionic + [SRU] Update to bugfix release 3.0.7 in Bionic |
| A Z (azaagman) wrote Re: [SRU] Update to bugfix release 3.0.7 in Bionic | #5 |
| information type: | Public → Public Security |
| summary: |
- [SRU] Update to bugfix release 3.0.7 in Bionic + [SRU] Update to bugfix release 3.0.8 in Bionic |
| description: | updated |
| tags: |
added: bionic removed: cve-2018-19857 |
| Changed in vlc (Ubuntu): | |
| status: | Confirmed → Fix Released |
> * Fix CAF integer-underflow
This change fixes CVE-2018-19857.