-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 20 Aug 2019 20:34:42 +0200 Source: vlc Architecture: source Version: 3.0.8-0+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org> Changed-By: Sebastian Ramacher <sramacher@debian.org> Closes: 923017 929491 932131 932182 Changes: vlc (3.0.8-0+deb10u1) buster-security; urgency=high . * New upstream release. - Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) - Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) - Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) - Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) - Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) - Fix a use after free in the ASF demuxer (CVE-2019-14533) - Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) (Closes: #932131) - Fix a null dereference in the ASF demuxer (CVE-2019-14534) - Fix a division by zero in the CAF demuxer (CVE-2019-14498) - Fix a division by zero in the ASF demuxer (CVE-2019-14535) - Fix a division by zero when playing DVDs. (Closes: #929491, #923017, #932182) * debian/control: Bump libebml-dev B-D according to configure check changes. * debian/patches: Revert modplug version bump. We use the libopenmpt compat layer anyway. Checksums-Sha1: 49527257e382a5df91166db898732064d6cc1efd 6471 vlc_3.0.8-0+deb10u1.dsc 424a9795e051c198e7fa28107b15809ee6820d43 26041520 vlc_3.0.8.orig.tar.xz 1aa21f1e218dbcd57ed6d86c2bd557650e1cd48a 195 vlc_3.0.8.orig.tar.xz.asc 66e64e437530401deaf9026c97e1c9dd20090892 64200 vlc_3.0.8-0+deb10u1.debian.tar.xz Checksums-Sha256: ef491979936cbc5f8537185823aece76d853255c9c3f34297a56ce1fde3ac88a 6471 vlc_3.0.8-0+deb10u1.dsc e0149ef4a20a19b9ecd87309c2d27787ee3f47dfd47c6639644bc1f6fd95bdf6 26041520 vlc_3.0.8.orig.tar.xz 2a314b27cea06447edd7e99b098c837095dce8f77a2372f5a0612de746b96a38 195 vlc_3.0.8.orig.tar.xz.asc e17a0013793480c9d8c41cd0a25921b17ef5370a909b3c89d5991d96211c5cf6 64200 vlc_3.0.8-0+deb10u1.debian.tar.xz Files: 55c99b09e5fa2f06913512c441fa2467 6471 video optional vlc_3.0.8-0+deb10u1.dsc 744442ec0c145453ea1d257914c8072e 26041520 video optional vlc_3.0.8.orig.tar.xz 34629d2e46dcbf17be97d483bd34bfa6 195 video optional vlc_3.0.8.orig.tar.xz.asc 649c15eb0d2dd98287d1e5742dcf23aa 64200 video optional vlc_3.0.8-0+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1cUdEACgkQafL8UW6n GZOHwhAAoLN8CymATzAnDxV2IGe8eyknyOt5zSpIVjGkpPQzrZlAmBl+htKts6vd wIZfmTfFLKmP0sHxRc3vVKlcGviJ6hQkTT70FLsgk0l3d+Icg00Rqu+Stgh2GZZw keJWSTcjUj+ElKqLYVrqnECqQtx9eYG2DDqw+SscrKm3XRIqQPI+jf2CpIvBuXBT nK1SFW36K5R7ddLlksc+LBFz7qUNlCpq5U0mFVy3xHn653yvdIEIe1oZ6/KxsgVs 8abrxJcsPbdTbpvoQYDDsfedRb5U4EHfftpmm0S0OtnHcSdMi8UrZ92Rw0cnDnjX We7/0wrW1JAiP96wnopLib0QzAithT5G9bph7TkylFLX74GdkQVoCgoA0FerenX2 4AavIL2kfsgXLxqm857ObS8MowDimi0oObW+N87362RzoSmrt4zPY1CKQrXdhkqm IQWNTGxI7RTtP3Xij0UviYKkZGUM3Rt9MkWD52p0OXBkngwbUkt3h76/Zkgz02j+ lDRz2TPV8O/ZHwbBDHsQd3E1GRe63cj8nUd6Krbb1aeqH+/Shq9SsgJyKUDPDdZh 1XVYsucAOSKn/beHNOeTtIRA1O4PPA0mQAUkrZO6J4oWwM3oun5CNv/pVpaMWT0o Omeo67sK2JUL+qL01CRAF4KzaVhRUho4idBBOPYMQdpOqGbXfBE= =JpD/ -----END PGP SIGNATURE-----