Source: vlc
Version: 3.0.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 3.0.7-1
Control: found -1 3.0.6-0+deb9u1

Hi

Given there are no CVEs for the repsective issues (so far) add a
single tracking bug in the BTS to get a reference, fixed already in
3.0.7-1 in unstable:

 vlc (3.0.7-1) unstable; urgency=high
 .
   * New upstream release.
     - Fix multiple integer overflows.
     - Fix multiple buffer overflows.
     - Fix use-after-free issue.
     - Fix NULL pointer dereference.
     - Fix other memory access bugs and infinite loops.
   * debian/rules: Be explicit about --enable-debug/disable-debug.

Regards,
Salvatore

Reply via email to