UbuntuUpdates.org

Package "vlc"

Name: vlc
Description: multimedia player and streamer

Latest version: 2.1.6-0ubuntu14.04.4
Release: trusty (14.04)
Level: updates
Repository: universe
Homepage: http://www.videolan.org/vlc/

Other versions of "vlc" in Trusty

Repository  Area      Version
base        universe  2.1.2-2build2
security    universe  2.1.6-0ubuntu14.04.4

Changelog

Version: 2.1.6-0ubuntu14.04.4 2017-08-11 17:06:37 UTC

  vlc (2.1.6-0ubuntu14.04.4) trusty-security; urgency=medium

  * SECURITY UPDATE: flac: Fix heap write overflow on frame format change
    (LP: #1709420)
    - fix-CVE-2017-9300.patch
    - CVE-2017-9300

 -- Simon Quigley <email address hidden> Tue, 08 Aug 2017 14:15:04 -0500

1709420 [CVE] flac: Fix heap write overflow on frame format change
CVE-2017-9300 plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and applica

Version: 2.1.6-0ubuntu14.04.3 2017-07-12 17:07:04 UTC

  vlc (2.1.6-0ubuntu14.04.3) trusty-security; urgency=high

  * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893)
    - fix-CVE-2016-5108.patch
    - CVE-2016-5108
  * SECURITY UPDATE: Fix potential out of bound reads
    - fix-CVE-2017-8310.patch
    - CVE-2017-8310
  * SECURITY UPDATE: Fix invalid double increment
    - fix-CVE-2017-8311.patch
    - CVE-2017-8311
  * SECURITY UPDATE: Fix potential heap buffer overflow
    - fix-CVE-2017-8312.patch
    - CVE-2017-8312
  * SECURITY UPDATE: ParseJSS: fix out-of-bounds read
    - fix-CVE-2017-8313.patch
    - CVE-2017-8313

 -- Simon Quigley <email address hidden> Mon, 10 Jul 2017 22:59:26 -0500

1693893 Fix out-of-bounds read, potential heap buffer overflow, and other CVEs
CVE-2016-5108 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause
CVE-2017-8310 Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond al
CVE-2017-8311 Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to
CVE-2017-8312 Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a craft
CVE-2017-8313 Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond alloc

Version: 2.1.6-0ubuntu14.04.2 2016-05-03 21:06:44 UTC

  vlc (2.1.6-0ubuntu14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted FLV file
    - debian/patches/CVE-2014-9597.patch: properly handle ref count in
      src/misc/picture_pool.c.
    - CVE-2014-9597
  * SECURITY UPDATE: XSS in web interface
    - debian/patches/CVE-2014-9743.patch: fix XSS in src/network/httpd.c.
    - CVE-2014-9743
  * SECURITY UPDATE: denial of service via crafted wav file (LP: #1533633)
    - debian/patches/CVE-2016-3941.patch: seek across eof correctly in
      src/input/stream.c.
    - CVE-2016-3941

 -- Marc Deslauriers <email address hidden> Mon, 02 May 2016 20:10:10 -0400

1533633 Specially crafted wav file causing a buffer overflow in vlc
CVE-2014-9597 The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause
CVE-2014-9743 Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before
CVE-2016-3941 Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a deni

Version: 2.1.6-0ubuntu14.04.1 2015-03-30 01:06:28 UTC

  vlc (2.1.6-0ubuntu14.04.1) trusty-security; urgency=medium

  * New upstream release to fix multiple security issues (LP: #1419176)

 -- Marc Deslauriers <email address hidden> Wed, 25 Mar 2015 21:56:16 -0400

1419176 [SRU MRE] Update to 2.1.6 in Trusty

Version: 2.1.4-0ubuntu14.04.1 2014-05-19 15:06:50 UTC

  vlc (2.1.4-0ubuntu14.04.1) trusty-security; urgency=medium

  * New upstream release (Closes: #742625, LP: #1276650)
  * SECURITY UPDATE: crafted ASF file handling integer divide-by-zero DoS
    - CVE-2014-1684
  * debian/gbp.conf: update for trusty

 -- Benjamin Drung <email address hidden> Sun, 11 May 2014 21:31:11 +0200

1276650 please update VLC to version 2.1.3
742625 vlc: please package new upstream release of vlc 2.1.4 - Debian Bug report logs
CVE-2014-1684 The ASF_ReadObject_file_properties function in ...


