touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #05841
[Bug 1350356] Re: vlc 2.1.5 is released, software upgrade is needed
The referenced CVEs were in libpng and in gnutls;
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0333.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3466.html
gnutls already had an update: http://www.ubuntu.com/usn/usn-2229-1/ and
the version of libpng we ship didn't include affected code.
Thanks
** Information type changed from Private Security to Public
** Changed in: libpng (Ubuntu)
Status: New => Fix Released
** Changed in: vlc (Ubuntu)
Status: New => Invalid
** Changed in: libpng (Ubuntu)
Status: Fix Released => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpng in Ubuntu.
https://bugs.launchpad.net/bugs/1350356
Title:
vlc 2.1.5 is released, software upgrade is needed
Status in “libpng” package in Ubuntu:
Invalid
Status in “vlc” package in Ubuntu:
Invalid
Bug description:
vlc 2.1.5 has been released.
Changes between 2.1.4 and 2.1.5:
--------------------------------
Core:
* Fix compilation on OS/2
Access:
* Stability improvements for the QTSound capture module
Mac OS X audio output:
* Fix channel ordering
* Increase the buffersize
Decoders:
* Fix DxVA2 decoding of samples needing more surfaces
* Improve MAD resistance to broken mp3 streams
* Fix PGS alignment in MKV
Qt Interface:
* Don't rename mp3 converted files to .raw
Mac OS X Interface:
* Correctly support video-on-top
* Fix video output event propagation on Macs with retina displays
* Stability improvements when using future VLC releases side by side
Streaming:
* Fix transcode when audio format changes
Security contents:
* Updated GnuTLS to 3.1.25 (CVE-2014-3466)
* Updated libpng to 1.6.10 (CVE-2014-0333)
Translations:
* Update British English
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/1350356/+subscriptions
