desktop-packages team mailing list archive

Thread
Date

[Bug 1512274] [NEW] Sync libvdpau 1.1.1-3 (main) from Debian sid (main)

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Oibaf <1512274@xxxxxxxxxxxxxxxxxx>
Date: Mon, 02 Nov 2015 09:10:17 -0000
Reply-to: Bug 1512274 <1512274@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Please sync libvdpau 1.1.1-3 (main) from Debian sid (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: privilege escalation when used in setuid or setgid
    applications
    - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
      against directory traversal in configure.ac, src/Makefile.am,
      src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
      trace/vdpau_trace.cpp.
    - CVE-2015-5198
    - CVE-2015-5199
    - CVE-2015-5200
  * SECURITY UPDATE: privilege escalation when used in setuid or setgid
    applications
    - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
      against directory traversal in configure.ac, src/Makefile.am,
      src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
      trace/vdpau_trace.cpp.
    - CVE-2015-5198
    - CVE-2015-5199
    - CVE-2015-5200

Debian package already include everything in the Ubuntu package.

Changelog entries since current xenial version 1.1-1ubuntu1:

libvdpau (1.1.1-3) unstable; urgency=medium

  [ Luca Boccassi ]
  * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625)
  * Upload to unstable.

 -- Andreas Beckmann <anbe@xxxxxxxxxx>  Thu, 29 Oct 2015 00:47:28 +0100

libvdpau (1.1.1-2) experimental; urgency=medium

  * Add vdpau-driver-all driver metapackage.  (Closes: #800657)
  * libvdpau1: Recommends: vdpau-driver-all | vdpau-driver.
  * Upload to experimental.

 -- Andreas Beckmann <anbe@xxxxxxxxxx>  Thu, 08 Oct 2015 10:15:00 +0200

libvdpau (1.1.1-1) unstable; urgency=medium

  [ Andreas Beckmann ]
  * simplify d/rules

  [ Luca Boccassi ]
  * New upstream release.
    - Use secure_getenv(3) to improve security
      (CVE-2015-5198, CVE-2015-5199, CVE-2015-5200). Closes: #797895.
  * Do not check for pdftex, removed upstream
  * Add myself to Uploaders
  * Refresh dlopen-path patch, upstream changes
  * Refresh patch module-searchpath, upstream changes

 -- Luca Boccassi <luca.boccassi@xxxxxxxxx>  Thu, 03 Sep 2015 23:31:59
+0100

** Affects: libvdpau (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libvdpau in Ubuntu.
https://bugs.launchpad.net/bugs/1512274

Title:
  Sync libvdpau 1.1.1-3 (main) from Debian sid (main)

Status in libvdpau package in Ubuntu:
  New

Bug description:
  Please sync libvdpau 1.1.1-3 (main) from Debian sid (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * SECURITY UPDATE: privilege escalation when used in setuid or setgid
      applications
      - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
        against directory traversal in configure.ac, src/Makefile.am,
        src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
        trace/vdpau_trace.cpp.
      - CVE-2015-5198
      - CVE-2015-5199
      - CVE-2015-5200
    * SECURITY UPDATE: privilege escalation when used in setuid or setgid
      applications
      - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
        against directory traversal in configure.ac, src/Makefile.am,
        src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
        trace/vdpau_trace.cpp.
      - CVE-2015-5198
      - CVE-2015-5199
      - CVE-2015-5200

  Debian package already include everything in the Ubuntu package.

  Changelog entries since current xenial version 1.1-1ubuntu1:

  libvdpau (1.1.1-3) unstable; urgency=medium

    [ Luca Boccassi ]
    * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625)
    * Upload to unstable.

   -- Andreas Beckmann <anbe@xxxxxxxxxx>  Thu, 29 Oct 2015 00:47:28
  +0100

  libvdpau (1.1.1-2) experimental; urgency=medium

    * Add vdpau-driver-all driver metapackage.  (Closes: #800657)
    * libvdpau1: Recommends: vdpau-driver-all | vdpau-driver.
    * Upload to experimental.

   -- Andreas Beckmann <anbe@xxxxxxxxxx>  Thu, 08 Oct 2015 10:15:00
  +0200

  libvdpau (1.1.1-1) unstable; urgency=medium

    [ Andreas Beckmann ]
    * simplify d/rules

    [ Luca Boccassi ]
    * New upstream release.
      - Use secure_getenv(3) to improve security
        (CVE-2015-5198, CVE-2015-5199, CVE-2015-5200). Closes: #797895.
    * Do not check for pdftex, removed upstream
    * Add myself to Uploaders
    * Refresh dlopen-path patch, upstream changes
    * Refresh patch module-searchpath, upstream changes

   -- Luca Boccassi <luca.boccassi@xxxxxxxxx>  Thu, 03 Sep 2015 23:31:59
  +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvdpau/+bug/1512274/+subscriptions

Follow ups

[Bug 1512274] Re: Sync libvdpau 1.1.1-3 (main) from Debian sid (main)
From: Martin Pitt, 2015-11-13
[Bug 1512274] Re: Sync libvdpau 1.1.1-3 (main) from Debian sid (main)
From: Logan Rosen, 2015-11-06