Accepted vlc 3.0.8-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 19 Aug 2019 18:50:39 +0200
Source: vlc
Architecture: source
Version: 3.0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Changes:
vlc (3.0.8-1) unstable; urgency=medium
.
* New upstream release.
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
* debian/: Remove crystalhd plugin. libcrystalhd-dev is scheduled for
removal.
* debian/patches: Remove patches included upstream.
* debian/control: Switch back to libmodplug-dev since vlc now requires
0.8.9.
Checksums-Sha1:
998912f79895951393af23859a93a0b024296c7f 6323 vlc_3.0.8-1.dsc
424a9795e051c198e7fa28107b15809ee6820d43 26041520 vlc_3.0.8.orig.tar.xz
1aa21f1e218dbcd57ed6d86c2bd557650e1cd48a 195 vlc_3.0.8.orig.tar.xz.asc
c2d5f4c75977b4d45f23215981da94e0650bbaa1 63436 vlc_3.0.8-1.debian.tar.xz
Checksums-Sha256:
7a944a0da42c0ff5a1e8638abdc5943667a09e378e0f39a9cce50eb50463adf2 6323 vlc_3.0.8-1.dsc
e0149ef4a20a19b9ecd87309c2d27787ee3f47dfd47c6639644bc1f6fd95bdf6 26041520 vlc_3.0.8.orig.tar.xz
2a314b27cea06447edd7e99b098c837095dce8f77a2372f5a0612de746b96a38 195 vlc_3.0.8.orig.tar.xz.asc
8882b89fd412eb9ff32068a7e1c347a4a1483d2d0a6077cbb74d41027f9b4c63 63436 vlc_3.0.8-1.debian.tar.xz
Files:
fb1163d865d255a0a2fc5a9da357153c 6323 video optional vlc_3.0.8-1.dsc
744442ec0c145453ea1d257914c8072e 26041520 video optional vlc_3.0.8.orig.tar.xz
34629d2e46dcbf17be97d483bd34bfa6 195 video optional vlc_3.0.8.orig.tar.xz.asc
ea481f93e2946980cfc4128c8b5e3dd1 63436 video optional vlc_3.0.8-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIyBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1a15YACgkQafL8UW6n
GZNdKQ/0CStGHFFC1lNcaYV60lR6HoSzg7dGBDg7d92A6KbLIZHSq1Q79g+F7WUK
24sGnGFEZ4t8BPALoaOhD8i3ySvP5mbJwNe0k7Rq2Tt/5sd1D2z5jUaKN3thhn84
lda1yH445vGf9p9y5ibWvhC4yUrk93VZh3dGlpgGv15FJyoS7VlgRU6IgoBwW/+1
8NoKfYGzJ/yVgzVa6EG9mRdOtUXNZritIlzcGuqS0fpDu6Teulv2aNLV5c20/e6Q
nzWGGRpsQ2JLjcQBh4tL1puTHrGi/f1UGDouoKagWDPu+0/zaXb3EKhr2tgb0Nn5
FE8DqLaJnac/2eweDRAPsPSQ5e4SOP2VMFZrnxSTy2sFdhIr0i53UDwqyOEnRT2A
iq0OPBjWIbFL+ChIuyFP2Cr4LrSkKnF8BpM/ziCrMOoZ+w9fFupXMlRkbL+4IeZx
5hYEtUoWFOOY6FBmyr75Zrj2a91Rs6RrFVF4h1JQ3VWD4WOKLY41IrtSGf7a/guU
BiWPpwKMaMkYI3uZkOwcSPfhVWfJMmuRybSWlSFAG2qJEXTYV6y3sisl2Q6bm/1/
hvJESWmyYFmTJ+ewOZ/oq9X0dPNDs3UYtE7t7tdWcPoaYy18meS9RfF/jgAyRNcG
ea8xh2OMT91laL1Zmx3ac6hRyI4uNZULmtmuGVKrETmmTrnjKw==
=8XfF
-----END PGP SIGNATURE-----