Accepted vlc 3.0.8-0+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 20 Aug 2019 20:34:42 +0200
Source: vlc
Architecture: source
Version: 3.0.8-0+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 923017 929491 932131 932182
Changes:
vlc (3.0.8-0+deb10u1) buster-security; urgency=high
.
* New upstream release.
- Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
(Closes: #932131)
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Fix a division by zero when playing DVDs. (Closes: #929491, #923017,
#932182)
* debian/control: Bump libebml-dev B-D according to configure check changes.
* debian/patches: Revert modplug version bump. We use the libopenmpt compat
layer anyway.
Checksums-Sha1:
49527257e382a5df91166db898732064d6cc1efd 6471 vlc_3.0.8-0+deb10u1.dsc
424a9795e051c198e7fa28107b15809ee6820d43 26041520 vlc_3.0.8.orig.tar.xz
1aa21f1e218dbcd57ed6d86c2bd557650e1cd48a 195 vlc_3.0.8.orig.tar.xz.asc
66e64e437530401deaf9026c97e1c9dd20090892 64200 vlc_3.0.8-0+deb10u1.debian.tar.xz
Checksums-Sha256:
ef491979936cbc5f8537185823aece76d853255c9c3f34297a56ce1fde3ac88a 6471 vlc_3.0.8-0+deb10u1.dsc
e0149ef4a20a19b9ecd87309c2d27787ee3f47dfd47c6639644bc1f6fd95bdf6 26041520 vlc_3.0.8.orig.tar.xz
2a314b27cea06447edd7e99b098c837095dce8f77a2372f5a0612de746b96a38 195 vlc_3.0.8.orig.tar.xz.asc
e17a0013793480c9d8c41cd0a25921b17ef5370a909b3c89d5991d96211c5cf6 64200 vlc_3.0.8-0+deb10u1.debian.tar.xz
Files:
55c99b09e5fa2f06913512c441fa2467 6471 video optional vlc_3.0.8-0+deb10u1.dsc
744442ec0c145453ea1d257914c8072e 26041520 video optional vlc_3.0.8.orig.tar.xz
34629d2e46dcbf17be97d483bd34bfa6 195 video optional vlc_3.0.8.orig.tar.xz.asc
649c15eb0d2dd98287d1e5742dcf23aa 64200 video optional vlc_3.0.8-0+deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1cUdEACgkQafL8UW6n
GZOHwhAAoLN8CymATzAnDxV2IGe8eyknyOt5zSpIVjGkpPQzrZlAmBl+htKts6vd
wIZfmTfFLKmP0sHxRc3vVKlcGviJ6hQkTT70FLsgk0l3d+Icg00Rqu+Stgh2GZZw
keJWSTcjUj+ElKqLYVrqnECqQtx9eYG2DDqw+SscrKm3XRIqQPI+jf2CpIvBuXBT
nK1SFW36K5R7ddLlksc+LBFz7qUNlCpq5U0mFVy3xHn653yvdIEIe1oZ6/KxsgVs
8abrxJcsPbdTbpvoQYDDsfedRb5U4EHfftpmm0S0OtnHcSdMi8UrZ92Rw0cnDnjX
We7/0wrW1JAiP96wnopLib0QzAithT5G9bph7TkylFLX74GdkQVoCgoA0FerenX2
4AavIL2kfsgXLxqm857ObS8MowDimi0oObW+N87362RzoSmrt4zPY1CKQrXdhkqm
IQWNTGxI7RTtP3Xij0UviYKkZGUM3Rt9MkWD52p0OXBkngwbUkt3h76/Zkgz02j+
lDRz2TPV8O/ZHwbBDHsQd3E1GRe63cj8nUd6Krbb1aeqH+/Shq9SsgJyKUDPDdZh
1XVYsucAOSKn/beHNOeTtIRA1O4PPA0mQAUkrZO6J4oWwM3oun5CNv/pVpaMWT0o
Omeo67sK2JUL+qL01CRAF4KzaVhRUho4idBBOPYMQdpOqGbXfBE=
=JpD/
-----END PGP SIGNATURE-----