[Security Update] 2019-08-19 – VLC 3.0.8

@jonathon wrote:

VLC 3.0.8

I have built and pushed VLC 3.0.8-0 to the following branches:

  • stable
  • testing
  • unstable (-0.1)
     
  • x32-stable
  • x32-testing
  • x32-unstable (-0.1)

As is always the case for a short-turnaround update, this package has had only minimal testing.


Security advisory: https://www.videolan.org/security/sb-vlc308.html
Release notes: https://www.videolan.org/vlc/releases/3.0.8.html
Full changelog: https://www.videolan.org/developers/vlc-branch/NEWS
Overlay packaging files: https://gitlab.manjaro.org/security-overlay/vlc

Security:
 * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
 * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
 * Fix a read buffer overflow in the FAAD decoder
 * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
 * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
 * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
 * Fix a use after free in the ASF demuxer (CVE-2019-14533)
 * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
 * Fix a null dereference in the dvdnav demuxer
 * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
 * Fix a null dereference in the AVI demuxer
 * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
 * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

Any issues?

  • 3.0.8-0 is working fine
  • 3.0.8-0 is broken for me (post details)
  • 3.0.8-0.1 is working fine
  • 3.0.8-0.1 is broken for me (post details)

0
voters

Posts: 12

Participants: 6

Read full topic


Full Story (EN):More …
Prevod Srpski:Prevod teksta (SR)
Prevod Hrvatski:Prevod teksta (HR)
Source:https://manjaro.github.io/