The referenced CVEs were in libpng and in gnutls; http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0333.html http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3466.html
gnutls already had an update: http://www.ubuntu.com/usn/usn-2229-1/ and the version of libpng we ship didn't include affected code. Thanks ** Information type changed from Private Security to Public ** Changed in: libpng (Ubuntu) Status: New => Fix Released ** Changed in: vlc (Ubuntu) Status: New => Invalid ** Changed in: libpng (Ubuntu) Status: Fix Released => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1350356 Title: vlc 2.1.5 is released, software upgrade is needed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/1350356/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
