Hi,

The vulnerability CVE-2014-3466 in GNUTLS has *not* been fixed in Trusty (at time of writing the current stable release). It's been fixed in libgnutls26, but not in libgnutls28 (which is what VLC actually uses) - see:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1326779

Cheers,

Dr Owain Kenway

--
https://bugs.launchpad.net/bugs/1350356

Title:
  vlc 2.1.5 is released, software upgrade is needed

Status in “libpng” package in Ubuntu:
  Invalid
Status in “vlc” package in Ubuntu:
  Invalid

Bug description:
  vlc 2.1.5 has been released.

  Changes between 2.1.4 and 2.1.5:
  --------------------------------

  Core:
   * Fix compilation on OS/2

  Access:
   * Stability improvements for the QTSound capture module

  Mac OS X audio output:
   * Fix channel ordering
   * Increase the buffersize

  Decoders:
   * Fix DxVA2 decoding of samples needing more surfaces
   * Improve MAD resistance to broken mp3 streams
   * Fix PGS alignment in MKV

  Qt Interface:
   * Don't rename mp3 converted files to .raw

  Mac OS X Interface:
   * Correctly support video-on-top
   * Fix video output event propagation on Macs with retina displays
   * Stability improvements when using future VLC releases side by side

  Streaming:
   * Fix transcode when audio format changes

  Security contents:
   * Updated GnuTLS to 3.1.25 (CVE-2014-3466)
   * Updated libpng to 1.6.10 (CVE-2014-0333)

  Translations:
   * Update British English

