[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-12 Thread Launchpad Bug Tracker
This bug was fixed in the package vlc - 2.1.6-0ubuntu14.04.3 --- vlc (2.1.6-0ubuntu14.04.3) trusty-security; urgency=high * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893) - fix-CVE-2016-5108.patch - CVE-2016-5108 * SECURITY UPDATE: Fix potential out of

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Simon Quigley
Attached is a debdiff for Trusty applicable to 2.1.6-0ubuntu14.04.2. ** Description changed: This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: + + - Trusty: + -

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Launchpad Bug Tracker
This bug was fixed in the package vlc - 2.2.6-2ubuntu1 --- vlc (2.2.6-2ubuntu1) artful; urgency=high * SECURITY UPDATE: Crash due to Out-of-Bound Heap Memory Write (LP: #1693893) - fix-CVE-2017-10699.patch - CVE-2017-10699 -- Simon Quigley Mon, 10

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Launchpad Bug Tracker
This bug was fixed in the package vlc - 2.2.4-14ubuntu2.1 --- vlc (2.2.4-14ubuntu2.1) zesty-security; urgency=high * SECURITY UPDATE: Crash due to Out-of-Bound Heap Memory Write (LP: #1693893) - fix-CVE-2017-10699.patch - CVE-2017-10699 * SECURITY UPDATE: Fix potential

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Launchpad Bug Tracker
This bug was fixed in the package vlc - 2.2.2-5ubuntu0.16.04.3 --- vlc (2.2.2-5ubuntu0.16.04.3) xenial-security; urgency=high * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893) - fix-CVE-2016-5108.patch - CVE-2016-5108 * SECURITY UPDATE: Crash due to

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Simon Quigley
** Changed in: vlc (Ubuntu Trusty) Status: New => In Progress ** Changed in: vlc (Ubuntu Trusty) Assignee: (unassigned) => Simon Quigley (tsimonq2) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Graham Inggs
** Also affects: vlc (Ubuntu Trusty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1693893 Title: Fix out-of-bounds read, potential heap buffer overflow,

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Simon Quigley
Here's a patch for Artful applicable to 2.2.6-2. I have been testing this on my own system for the past hour and it works completely fine. ** Patch added: "1-2.2.6-2ubuntu1.debdiff" https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4912130/+files/1-2.2.6-2ubuntu1.debdiff

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Simon Quigley
Er, here's the right one. ** Patch added: "1-2.2.4-14ubuntu2.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1693893/+attachment/4912038/+files/1-2.2.4-14ubuntu2.1.debdiff

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-10 Thread Simon Quigley
Attached is a debdiff for Zesty applicable to 2.2.4-14ubuntu2.

[Bug 1693893] Re: Fix out-of-bounds read, potential heap buffer overflow, and other CVEs

2017-07-09 Thread Simon Quigley
** Description changed: This bug is meant to track the following public VLC CVEs and their status in Ubuntu. Here are the affected Ubuntu releases and the CVEs that affect that specific release: - Xenial: - - 2016-5108 +   - 2016-5108 +   - 2017-10699 +   - 2017-8310 +   - 2017-8311