Your message dated Sun, 29 May 2016 11:28:03 +0000
with message-id <[email protected]>
and subject line Bug#825728: fixed in vlc 2.2.3-2
has caused the Debian Bug report #825728,
regarding vlc: CVE-2016-5108
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
825728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vlc
Version: 2.2.3-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for vlc.
CVE-2016-5108[0]:
crash and potential code execution when processing QuickTime IMA files
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-5108
[1] http://www.openwall.com/lists/oss-security/2016/05/27/3
[2] https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: vlc
Source-Version: 2.2.3-2
We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Ramacher <[email protected]> (supplier of updated vlc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 29 May 2016 13:09:00 +0200
Source: vlc
Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore8 vlc vlc-data vlc-nox
vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-sdl
vlc-plugin-svg vlc-plugin-zvbi vlc-plugin-samba
Architecture: source
Version: 2.2.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <[email protected]>
Changed-By: Sebastian Ramacher <[email protected]>
Description:
libvlc-dev - development files for libvlc
libvlc5 - multimedia player and streamer library
libvlccore-dev - development files for libvlccore
libvlccore8 - base library for VLC and its modules
vlc - multimedia player and streamer
vlc-data - Common data for VLC
vlc-nox - multimedia player and streamer (without X support)
vlc-plugin-fluidsynth - FluidSynth plugin for VLC
vlc-plugin-jack - Jack audio plugins for VLC
vlc-plugin-notify - LibNotify plugin for VLC
vlc-plugin-samba - Samba plugin for VLC
vlc-plugin-sdl - SDL video and audio output plugin for VLC
vlc-plugin-svg - SVG plugin for VLC
vlc-plugin-zvbi - VBI teletext plugin for VLC
Closes: 825728
Changes:
vlc (2.2.3-2) unstable; urgency=medium
.
  * debian/patches:
    - g711-fix-dangling-pointer-fixes-16909.patch: Upstream patch to fix issue
      with some WAV files.
    - adpcm-reject-invalid-QuickTime-IMA-files.patch: Apply upstream patch for
      CVE-2016-5108. (Closes: #825728)
  * debian/rules: Reduce libX11 and libxcb linkage to a warning. Moving the
    ffmpeg and libtheora plugins to vlc does not make much sense.
Checksums-Sha1:
fa137aadb5ed4f19ba000d48b935f314874660c6 5950 vlc_2.2.3-2.dsc
0a416804aa8cca9ad52a79a887992b45aa71d4d8 73620 vlc_2.2.3-2.debian.tar.xz
Checksums-Sha256:
841110ef9e39b1617f141f2a77b47ecec8ad40d072a21398242e60f3cb91a388 5950 vlc_2.2.3-2.dsc
1c0afa6f45be747001ee9ddc17fa4586c3553533deb1d25b6ecc7af4763ace94 73620 vlc_2.2.3-2.debian.tar.xz
Files:
228275e287fefefab75bc7aa6cdcabbf 5950 video optional vlc_2.2.3-2.dsc
c82a410f38abc4c000a40b56f1812d04 73620 video optional vlc_2.2.3-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---