
group.of.nepali.translators team mailing list archive

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

 

This bug was fixed in the package vlc - 2.1.6-0ubuntu14.04.3

---------------
vlc (2.1.6-0ubuntu14.04.3) trusty-security; urgency=high

  * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893)
    - fix-CVE-2016-5108.patch
    - CVE-2016-5108
  * SECURITY UPDATE: Fix potential out of bound reads
    - fix-CVE-2017-8310.patch
    - CVE-2017-8310
  * SECURITY UPDATE: Fix invalid double increment
    - fix-CVE-2017-8311.patch
    - CVE-2017-8311
  * SECURITY UPDATE: Fix potential heap buffer overflow
    - fix-CVE-2017-8312.patch
    - CVE-2017-8312
  * SECURITY UPDATE: ParseJSS: fix out-of-bounds read
    - fix-CVE-2017-8313.patch
    - CVE-2017-8313

 -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Mon, 10 Jul 2017 22:59:26 -0500

** Changed in: vlc (Ubuntu Trusty)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1693893

Title:
  Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

Status in vlc package in Ubuntu:
  Fix Released
Status in vlc source package in Trusty:
  Fix Released
Status in vlc source package in Xenial:
  Fix Released
Status in vlc source package in Zesty:
  Fix Released
Status in vlc source package in Artful:
  Fix Released

Bug description:
  This bug is meant to track the following public VLC CVEs and their
  status in Ubuntu. Here are the affected Ubuntu releases and the CVEs
  that affect that specific release:

  - Trusty:
    - 2016-5108
    - 2017-8310
    - 2017-8311
    - 2017-8312
    - 2017-8313
    - Not applicable to this version:
      - 2017-10699

  - Xenial:
    - 2016-5108
    - 2017-10699
    - 2017-8310
    - 2017-8311
    - 2017-8312
    - 2017-8313

  - Zesty:
    - 2017-10699
    - 2017-8310
    - 2017-8311
    - 2017-8312
    - 2017-8313
    - Already fixed in the package:
      - 2016-5108

  - Artful:
    - 2017-10699
    - Already fixed in the package:
      - 2016-5108
      - 2017-8310
      - 2017-8311
      - 2017-8312
      - 2017-8313
