Debian Package Tracker

From: Sebastian Ramacher <sramacher@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted vlc 3.0.8-1 (source) into unstable
Date: Mon, 19 Aug 2019 17:26:12 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Aug 2019 18:50:39 +0200
Source: vlc
Architecture: source
Version: 3.0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Changes:
 vlc (3.0.8-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
     - Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
       CVE-2019-14438)
     - Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
     - Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
     - Fix a use after free in the ASF demuxer (CVE-2019-14533)
     - Fix a null dereference in the ASF demuxer (CVE-2019-14534)
     - Fix a division by zero in the CAF demuxer (CVE-2019-14498)
     - Fix a division by zero in the ASF demuxer (CVE-2019-14535)
   * debian/: Remove crystalhd plugin. libcrystalhd-dev is scheduled for
     removal.
   * debian/patches: Remove patches included upstream.
   * debian/control: Switch back to libmodplug-dev since vlc now requires
     0.8.9.
Checksums-Sha1:
 998912f79895951393af23859a93a0b024296c7f 6323 vlc_3.0.8-1.dsc
 424a9795e051c198e7fa28107b15809ee6820d43 26041520 vlc_3.0.8.orig.tar.xz
 1aa21f1e218dbcd57ed6d86c2bd557650e1cd48a 195 vlc_3.0.8.orig.tar.xz.asc
 c2d5f4c75977b4d45f23215981da94e0650bbaa1 63436 vlc_3.0.8-1.debian.tar.xz
Checksums-Sha256:
 7a944a0da42c0ff5a1e8638abdc5943667a09e378e0f39a9cce50eb50463adf2 6323 vlc_3.0.8-1.dsc
 e0149ef4a20a19b9ecd87309c2d27787ee3f47dfd47c6639644bc1f6fd95bdf6 26041520 vlc_3.0.8.orig.tar.xz
 2a314b27cea06447edd7e99b098c837095dce8f77a2372f5a0612de746b96a38 195 vlc_3.0.8.orig.tar.xz.asc
 8882b89fd412eb9ff32068a7e1c347a4a1483d2d0a6077cbb74d41027f9b4c63 63436 vlc_3.0.8-1.debian.tar.xz
Files:
 fb1163d865d255a0a2fc5a9da357153c 6323 video optional vlc_3.0.8-1.dsc
 744442ec0c145453ea1d257914c8072e 26041520 video optional vlc_3.0.8.orig.tar.xz
 34629d2e46dcbf17be97d483bd34bfa6 195 video optional vlc_3.0.8.orig.tar.xz.asc
 ea481f93e2946980cfc4128c8b5e3dd1 63436 video optional vlc_3.0.8-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIyBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1a15YACgkQafL8UW6n
GZNdKQ/0CStGHFFC1lNcaYV60lR6HoSzg7dGBDg7d92A6KbLIZHSq1Q79g+F7WUK
24sGnGFEZ4t8BPALoaOhD8i3ySvP5mbJwNe0k7Rq2Tt/5sd1D2z5jUaKN3thhn84
lda1yH445vGf9p9y5ibWvhC4yUrk93VZh3dGlpgGv15FJyoS7VlgRU6IgoBwW/+1
8NoKfYGzJ/yVgzVa6EG9mRdOtUXNZritIlzcGuqS0fpDu6Teulv2aNLV5c20/e6Q
nzWGGRpsQ2JLjcQBh4tL1puTHrGi/f1UGDouoKagWDPu+0/zaXb3EKhr2tgb0Nn5
FE8DqLaJnac/2eweDRAPsPSQ5e4SOP2VMFZrnxSTy2sFdhIr0i53UDwqyOEnRT2A
iq0OPBjWIbFL+ChIuyFP2Cr4LrSkKnF8BpM/ziCrMOoZ+w9fFupXMlRkbL+4IeZx
5hYEtUoWFOOY6FBmyr75Zrj2a91Rs6RrFVF4h1JQ3VWD4WOKLY41IrtSGf7a/guU
BiWPpwKMaMkYI3uZkOwcSPfhVWfJMmuRybSWlSFAG2qJEXTYV6y3sisl2Q6bm/1/
hvJESWmyYFmTJ+ewOZ/oq9X0dPNDs3UYtE7t7tdWcPoaYy18meS9RfF/jgAyRNcG
ea8xh2OMT91laL1Zmx3ac6hRyI4uNZULmtmuGVKrETmmTrnjKw==
=8XfF
-----END PGP SIGNATURE-----
News for package vlc
