-
vlc (0.8.4.debian-1ubuntu6.3) dapper-security; urgency=low
* SECURITY UPDATE: (LP: #207284)
+ debian/patches/031_CVE-2008-1489.dpatch
- Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a crafted MP4 RDRF box that triggers a
heap-based buffer overflow.
* References
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
+ http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
-- Emanuele Gentili <email address hidden> Tue, 01 Apr 2008 03:48:00 +0200
-
vlc (0.8.4.debian-1ubuntu6.2) dapper-security; urgency=low
* SECURITY UPDATE:
- debian/patches/CVE-2008-0984.dpatch (LP: #195949)
+ VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
suffers from an arbitrary memory overwrite vulnerability when using
crash the player instance.
* References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
- http://www.videolan.org/security/sa0802.html
-- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 03:09:28 +0100
-
vlc (0.8.4.debian-1ubuntu6.1) dapper-security; urgency=low
* Fix format string vulnerability with patch taken from Debian BTS
MOAB-02-01-2007-CVE-2007-0017.dpatch, CVE-2007-0017. Closes Malone: #78610
-- Martin Juergens <email address hidden> Sat, 27 Jan 2007 18:39:58 +0100
-
vlc (0.8.4.debian-1ubuntu6) dapper; urgency=low
"'Time to race', she said, 'Race the downhill'."
* Add debian/patches/24_prefs_stacking_fix, fixing stacking in
Preferences dialog. Taken from upstream svn changeset 13795, thanks
to Bruce Cowan (Closes: Malone #31891).
* Demote ttf-freefont, ttf-thryomanes to Suggests as the former
provides bad metrics for Thai. See Debian #362071 for additional
information.
* Don't use gcc-snapshot as the compiler. See Debian #361729 for more
information.
* Make vlc.desktop HIG-compliant.
* Rebuild against new libebml-dev and libmatroska-dev, fixing crashes
with Matroska files (Closes: Malone #29644).
* Use our own faad2 and x264, fixing garbled graphics (Closes: Malone
#28539). Please see Debian #365389 if the inclusion of these
libraries stirs your ire.
-- Daniel T Chen <email address hidden> Tue, 23 May 2006 03:42:19 -0400
-
vlc (0.8.4.debian-1ubuntu5) dapper; urgency=low
* Integrate updates from Debian:
- Enable support for zeroconf/bonjour, musepack decoding, and VCD
navigation (and adjust debian/{control,rules} accordingly, adding
debian/patches/22_avahi_client_0.6_api).
-- Daniel T Chen <email address hidden> Sun, 05 Mar 2006 18:38:55 -0800
-
vlc (0.8.4.debian-1ubuntu4) dapper; urgency=low
* removed nonexistent xlibs-static-pic build dep to fix FTBFS
* changes UBUNTU_ENV from /usr/lib/mozilla-firefox/xpidl
to /usr/lib/firefox/xpidl to fix FTBFS
* added 21_gnome-screensaver-support.dpatch to automagically
disable screensavers while playing a movie
-- Oliver Grawert <email address hidden> Tue, 28 Feb 2006 20:24:37 +0100
-
vlc (0.8.4.debian-1ubuntu3) dapper; urgency=low
* debian/control: Replace mozilla-dev build dependency with
firefox-dev. Change mozilla-plugin-vlc's Recommends appropriately.
Fixes FTBFS due to mozilla-dev muck on [!amd64].
* debian/rules: Elide Ubuntu modifications into UBUNTU_ENV to pass
to configure (MOZILLA_CONFIG=/usr/bin/firefox-config ,
XPIDL=/usr/lib/mozilla-firefox/xpidl)
-- Daniel T Chen <email address hidden> Fri, 30 Dec 2005 19:29:07 -0800
-
vlc (0.8.4.debian-1ubuntu2) dapper; urgency=low
* Rebuild for new dbus.
-- Daniel T Chen <email address hidden> Thu, 22 Dec 2005 14:32:09 -0800
-
vlc (0.8.4.debian-1ubuntu1) dapper; urgency=low
* Resynchronise with Debian:
- Fix build dependency on GL headers.
- Reintegrate patch for HAL 0.5 API in src/libvlc.c(Debian#332927),
fixing FTBFS.
- Fix broken mailcap entries in vlc.mime (Closes: Debian#340434,
Debian#339570).
- Make vlc depend on vlc-plugin-alsa (Closes: #3678, #4544).
- Fix unicast streaming (Closes: #4444).
-- Daniel T Chen <email address hidden> Sun, 27 Nov 2005 22:50:24 -0800
-
vlc (0.8.4-svn20051025-0ubuntu1) dapper; urgency=low
* New svn checkout to fix the Unicode issues once and for all that
forced build-depending on libwxgtk2.4-dev in Breezy. Change _back_
to build-depend on libwxgtk2.6-dev (Closes: #3179, #3505, #3559).
* Use hal patch from 0.8.4-svn20050920-3+hal0.
* debian/:
+ Major purge of unused dpatches.
-- Daniel T Chen <email address hidden> Tue, 25 Oct 2005 01:46:32 -0700
