← Back to team overview

touch-packages team mailing list archive

[Bug 1350356] Re: vlc 2.1.5 is released, software upgrade is needed

 

The referenced CVEs were in libpng and in gnutls;

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0333.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3466.html

gnutls already had an update: http://www.ubuntu.com/usn/usn-2229-1/ and
the version of libpng we ship didn't include affected code.

Thanks

** Information type changed from Private Security to Public

** Changed in: libpng (Ubuntu)
       Status: New => Fix Released

** Changed in: vlc (Ubuntu)
       Status: New => Invalid

** Changed in: libpng (Ubuntu)
       Status: Fix Released => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpng in Ubuntu.
https://bugs.launchpad.net/bugs/1350356

Title:
  vlc 2.1.5 is released, software upgrade is needed

Status in “libpng” package in Ubuntu:
  Invalid
Status in “vlc” package in Ubuntu:
  Invalid

Bug description:
  vlc 2.1.5 has been released.

  Changes between 2.1.4 and 2.1.5:
  --------------------------------

  Core:
   * Fix compilation on OS/2

  Access:
   * Stability improvements for the QTSound capture module

  Mac OS X audio output:
   * Fix channel ordering
   * Increase the buffersize

  Decoders:
   * Fix DxVA2 decoding of samples needing more surfaces
   * Improve MAD resistance to broken mp3 streams
   * Fix PGS alignment in MKV

  Qt Interface:
   * Don't rename mp3 converted files to .raw

  Mac OS X Interface:
   * Correctly support video-on-top
   * Fix video output event propagation on Macs with retina displays
   * Stability improvements when using future VLC releases side by side

  Streaming:
   * Fix transcode when audio format changes

  Security contents:
   * Updated GnuTLS to 3.1.25 (CVE-2014-3466)
   * Updated libpng to 1.6.10 (CVE-2014-0333)

  Translations:
   * Update British English

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/1350356/+subscriptions