group.of.nepali.translators team mailing list archive

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

 

This bug was fixed in the package vlc - 2.2.2-5ubuntu0.16.04.3

---------------
vlc (2.2.2-5ubuntu0.16.04.3) xenial-security; urgency=high

  * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893)
    - fix-CVE-2016-5108.patch
    - CVE-2016-5108
  * SECURITY UPDATE: Crash due to Out-of-Bound Heap Memory Write
    - fix-CVE-2017-10699.patch
    - CVE-2017-10699
  * SECURITY UPDATE: Fix potential out of bound reads
    - fix-CVE-2017-8310.patch
    - CVE-2017-8310
  * SECURITY UPDATE: Fix invalid double increment
    - fix-CVE-2017-8311.patch
    - CVE-2017-8311
  * SECURITY UPDATE: Fix potential heap buffer overflow
    - fix-CVE-2017-8312.patch
    - CVE-2017-8312
  * SECURITY UPDATE: ParseJSS: fix out-of-bounds read
    - fix-CVE-2017-8313.patch
    - CVE-2017-8313

 -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Fri, 07 Jul 2017 06:54:34 -0500

** Changed in: vlc (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1693893

Title:
  Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

Status in vlc package in Ubuntu:
  In Progress
Status in vlc source package in Trusty:
  In Progress
Status in vlc source package in Xenial:
  Fix Released
Status in vlc source package in Zesty:
  In Progress
Status in vlc source package in Artful:
  In Progress

Bug description:
  This bug is meant to track the following public VLC CVEs and their
  status in Ubuntu. Here are the affected Ubuntu releases and the CVEs
  that affect that specific release:

  - Xenial:
    - 2016-5108
    - 2017-10699
    - 2017-8310
    - 2017-8311
    - 2017-8312
    - 2017-8313

  - Zesty:
    - 2017-10699
    - 2017-8310
    - 2017-8311
    - 2017-8312
    - 2017-8313
    - Already fixed in the package:
      - 2016-5108

  - Artful:
    - 2017-10699
    - Already fixed in the package:
      - 2016-5108
      - 2017-8310
      - 2017-8311
      - 2017-8312
      - 2017-8313
