[ubuntu/maverick-security] vlc_1.1.4-1ubuntu1.5_i386_translations.tar.gz, vlc_1.1.4-1ubuntu1.5_amd64_translations.tar.gz, vlc, vlc_1.1.4-1ubuntu1.5_armel_translations.tar.gz, vlc_1.1.4-1ubuntu1.5_powerpc_translations.tar.gz (delayed) 1.1.4-1ubuntu1.5 (Accepted)

Thu Apr 14 16:04:06 UTC 2011

vlc (1.1.4-1ubuntu1.5) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via crafted width
    - debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
      src/video_output/video_output.c.
    - CVE-2010-3275
    - CVE-2010-3276
  * SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
    - debian/patches/CVE-2011-1684.patch: fix buffer overflow in
      modules/demux/mp4/libmp4.c.
    - CVE-2011-1684

Date: Wed, 13 Apr 2011 23:21:01 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/vlc/1.1.4-1ubuntu1.5
-------------- next part --------------
Format: 1.8
Date: Wed, 13 Apr 2011 23:21:01 -0400
Source: vlc
Binary: libvlc5 libvlc-dev libvlccore4 libvlccore-dev mozilla-plugin-vlc vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-ggi vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-svgalib vlc-plugin-zvbi
Architecture: source
Version: 1.1.4-1ubuntu1.5
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore4 - base library for VLC and its modules
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-data   - Common data for VLC
 vlc-dbg    - debugging symbols for vlc
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-pulse - PulseAudio plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 vlc-plugin-zvbi - VBI teletext plugin for VLC
Launchpad-Bugs-Fixed: 756368
Changes: 
 vlc (1.1.4-1ubuntu1.5) maverick-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via crafted width
     - debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
       src/video_output/video_output.c.
     - CVE-2010-3275
     - CVE-2010-3276
   * SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
     - debian/patches/CVE-2011-1684.patch: fix buffer overflow in
       modules/demux/mp4/libmp4.c.
     - CVE-2011-1684
Checksums-Sha1: 
 0cebd702351746a06d26358fd6fff56517811d09 4366 vlc_1.1.4-1ubuntu1.5.dsc
 4dd25861b1aa53bea351d3aea35d18c816a73857 61653 vlc_1.1.4-1ubuntu1.5.debian.tar.gz
Checksums-Sha256: 
 baa21051f42eaa6a0ac4e0dd21604e7d6b1425ec30a546261d5befa939f7faa4 4366 vlc_1.1.4-1ubuntu1.5.dsc
 9795c1a8a5f242693b37e06447db31f6dccbf871e107251ac9112773420db028 61653 vlc_1.1.4-1ubuntu1.5.debian.tar.gz
Files: 
 cb5da86b37617be25dec3696f6569170 4366 video optional vlc_1.1.4-1ubuntu1.5.dsc
 487ea5a768b740b45c8ce24e87483d20 61653 video optional vlc_1.1.4-1ubuntu1.5.debian.tar.gz
Original-Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>