[Bug 1703754] Re: Force sync vlc 2.2.6-3 from Debian Sid
Mattia Rizzolo
mattia at mapreri.org
Thu Jul 13 13:25:16 UTC 2017
This bug was fixed in the package vlc - 2.2.6-3
Sponsored for Simon Quigley (tsimonq2)
---------------
vlc (2.2.6-3) unstable; urgency=medium

  [ Mateusz Łukasik ]
  * debian/patches: avcodec: Check visible sizes (CVE-2017-10699).

  [ Sebastian Ramacher ]
  * debian/patches: flac: Fix heap write overflow on frame format change.
    (CVE-2017-9300)

 -- Sebastian Ramacher <sramacher at debian.org>  Tue, 11 Jul 2017 21:35:32 +0200
** Changed in: vlc (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-10699
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9300
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1703754
Title:
Force sync vlc 2.2.6-3 from Debian Sid
Status in vlc package in Ubuntu:
Fix Released
Bug description:
Please force sync vlc 2.2.6-3 from Debian Sid.
The delta exists in the first place (created by me) to fix
CVE-2017-10699, which was fixed in 2.2.6-3. Here's the full changelog:
vlc (2.2.6-3) unstable; urgency=medium

  [ Mateusz Łukasik ]
  * debian/patches: avcodec: Check visible sizes (CVE-2017-10699).

  [ Sebastian Ramacher ]
  * debian/patches: flac: Fix heap write overflow on frame format change.
    (CVE-2017-9300)
The delta does not need to exist any more, so it can be force synced.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1703754/+subscriptions