[Bug 1703754] [NEW] Force sync vlc 2.2.6-3 from Debian Sid
Simon Quigley
tsimonq2 at ubuntu.com
Wed Jul 12 06:30:33 UTC 2017
Public bug reported:
Please force sync vlc 2.2.6-3 from Debian Sid.
The delta exists in the first place (created by me) to fix
CVE-2017-10699, which was fixed in 2.2.6-3. Here's the full changelog:
vlc (2.2.6-3) unstable; urgency=medium
[ Mateusz Łukasik ]
* debian/patches: avcodec: Check visible sizes (CVE-2017-10699).
[ Sebastian Ramacher ]
* debian/patches: flac: Fix heap write overflow on frame format change.
(CVE-2017-9300)
The delta does not need to exist any more, so it can be force synced.
** Affects: vlc (Ubuntu)
Importance: Undecided
Assignee: Simon Quigley (tsimonq2)
Status: New
** Tags: artful
** Tags added: artful
** Changed in: vlc (Ubuntu)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1703754
Title:
Force sync vlc 2.2.6-3 from Debian Sid
Status in vlc package in Ubuntu:
New
Bug description:
Please force sync vlc 2.2.6-3 from Debian Sid.
The delta exists in the first place (created by me) to fix
CVE-2017-10699, which was fixed in 2.2.6-3. Here's the full changelog:
vlc (2.2.6-3) unstable; urgency=medium
[ Mateusz Łukasik ]
* debian/patches: avcodec: Check visible sizes (CVE-2017-10699).
[ Sebastian Ramacher ]
* debian/patches: flac: Fix heap write overflow on frame format change.
(CVE-2017-9300)
The delta does not need to exist any more, so it can be force synced.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1703754/+subscriptions
More information about the Ubuntu-sponsors
mailing list