touch-packages team mailing list archive

Thread
Date

[Bug 1350356] Re: vlc 2.1.5 is released, software upgrade is needed

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Owain Kenway <o.kenway@xxxxxxxxx>
Date: Wed, 13 Aug 2014 13:49:38 -0000
Reply-to: Bug 1350356 <1350356@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi,

The vulnerability CVE 2014-3466 in GNUTLS has *not* been fixed in Trusty
(at time of writing the current stable release).  It's been fixed in
libgnutls26, but not in libgnutls28 (which is what VLC actually uses) -
see:

https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1326779

Cheers,
Dr Owain Kenway

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libpng in Ubuntu.
https://bugs.launchpad.net/bugs/1350356

Title:
  vlc 2.1.5 is released, software upgrade is needed

Status in “libpng” package in Ubuntu:
  Invalid
Status in “vlc” package in Ubuntu:
  Invalid

Bug description:
  vlc 2.1.5 has been released.

  Changes between 2.1.4 and 2.1.5:
  --------------------------------

  Core:
   * Fix compilation on OS/2

  Access:
   * Stability improvements for the QTSound capture module

  Mac OS X audio output:
   * Fix channel ordering
   * Increase the buffersize

  Decoders:
   * Fix DxVA2 decoding of samples needing more surfaces
   * Improve MAD resistance to broken mp3 streams
   * Fix PGS alignment in MKV

  Qt Interface:
   * Don't rename mp3 converted files to .raw

  Mac OS X Interface:
   * Correctly support video-on-top
   * Fix video output event propagation on Macs with retina displays
   * Stability improvements when using future VLC releases side by side

  Streaming:
   * Fix transcode when audio format changes

  Security contents:
   * Updated GnuTLS to 3.1.25 (CVE-2014-3466)
   * Updated libpng to 1.6.10 (CVE-2014-0333)

  Translations:
   * Update British English

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/1350356/+subscriptions