Accepted vlc 3.0.8-0+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 20 Aug 2019 20:58:05 +0200
Source: vlc
Binary: vlc libvlc-dev libvlc5 libvlccore-dev libvlccore9 libvlc-bin vlc-bin vlc-data vlc-l10n vlc-plugin-base vlc-plugin-access-extra vlc-plugin-video-output vlc-plugin-video-splitter vlc-plugin-visualization vlc-plugin-skins2 vlc-plugin-qt vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-svg vlc-plugin-samba vlc-nox vlc-plugin-zvbi
Architecture: source
Version: 3.0.8-0+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description:
 libvlc-bin - tools for VLC's base library
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore9 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-bin    - binaries from VLC
 vlc-data   - Common data for VLC
 vlc-l10n   - Translations for VLC
 vlc-nox    - transitional dummy package
 vlc-plugin-access-extra - multimedia player and streamer (extra access plugins)
 vlc-plugin-base - multimedia player and streamer (base plugins)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-qt - multimedia player and streamer (Qt plugin)
 vlc-plugin-samba - Samba plugin for VLC
 vlc-plugin-skins2 - multimedia player and streamer (Skins2 plugin)
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-video-output - multimedia player and streamer (video output plugins)
 vlc-plugin-video-splitter - multimedia player and streamer (video splitter plugins)
 vlc-plugin-visualization - multimedia player and streamer (visualization plugins)
 vlc-plugin-zvbi - transitional dummy package
Closes: 923017 929491 932131 932182
Changes:
 vlc (3.0.8-0+deb9u1) stretch-security; urgency=high
 .
   * New upstream release.
     - Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
     - Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
     - Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
       CVE-2019-14438)
     - Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
     - Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
     - Fix a use after free in the ASF demuxer (CVE-2019-14533)
     - Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
       (Closes: #932131)
     - Fix a null dereference in the ASF demuxer (CVE-2019-14534)
     - Fix a division by zero in the CAF demuxer (CVE-2019-14498)
     - Fix a division by zero in the ASF demuxer (CVE-2019-14535)
     - Fix a division by zero when playing DVDs. (Closes: #929491, #923017,
       #932182)
   * debian/patches:
     - Revert modplug version bump. We use the libopenmpt compat layer anyway.
     - Revert libebml version bump. libebml has been fixed separately.
Checksums-Sha1:
 95142fe6fa9fcd0ba0d9cc721299664a37b5d303 6436 vlc_3.0.8-0+deb9u1.dsc
 424a9795e051c198e7fa28107b15809ee6820d43 26041520 vlc_3.0.8.orig.tar.xz
 1aa21f1e218dbcd57ed6d86c2bd557650e1cd48a 195 vlc_3.0.8.orig.tar.xz.asc
 865575ee654847f949fb221e63a840014def8cc2 64072 vlc_3.0.8-0+deb9u1.debian.tar.xz
Checksums-Sha256:
 3d4cbac2d1c9d0beb43d10bc70a0bd258338712475ec56f10891228fdc72581d 6436 vlc_3.0.8-0+deb9u1.dsc
 e0149ef4a20a19b9ecd87309c2d27787ee3f47dfd47c6639644bc1f6fd95bdf6 26041520 vlc_3.0.8.orig.tar.xz
 2a314b27cea06447edd7e99b098c837095dce8f77a2372f5a0612de746b96a38 195 vlc_3.0.8.orig.tar.xz.asc
 2a12db52624d40f7d7b5869837b69abbe881c0fa1fff799b7018a66faa13b5fd 64072 vlc_3.0.8-0+deb9u1.debian.tar.xz
Files:
 92faff3427bbfc6037577a5e301c46a5 6436 video optional vlc_3.0.8-0+deb9u1.dsc
 744442ec0c145453ea1d257914c8072e 26041520 video optional vlc_3.0.8.orig.tar.xz
 34629d2e46dcbf17be97d483bd34bfa6 195 video optional vlc_3.0.8.orig.tar.xz.asc
 6a63179712094c11edc83f1150fd8ab0 64072 video optional vlc_3.0.8-0+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAl1cUg0ACgkQafL8UW6n
GZMtNA//eDruFDdcr+Ctmum5cEY3nzj5Xh3loQjgUtiRyQLr0caqoB5i+zZFK9BU
DAQRaQUXTFSH+QcXHj0qHx1YIdL4BjTP1LgplH66+2f6UO9Kv/CVs94+os1gpH7r
ENY5tyamgmdOAUHhJrVWdG/1Cnnr7jV8IoyEEvvYHwNQAzYn9WEDbvg/nLVcu6me
0xIb8osN/GCT7xyi8CSJLyEZCq2ywWeKGRgrDlU3lU5IhCZj7f19CjqUjJ090mv6
jZ1Jd8yDBuS+MmkaQCWduirYGn+syBaLW0Y9lqcxarG46AbuL0Fd4/MlQUBNqa5t
c+e3rNKVydZkkaISQdZh6E2jfFTEIlURZbusXD1JFke9gRQNR/cHmpDw+BEW4eYr
AlbdKiZqKmORVh4H9AjZ5T8UmpnlyCvPP4zt1LNkmKLIdghMigi4blRnUuwIA/lt
0qTI3UCVctF08lNUruueGx4f1VIYo42pnymngVIJcYW4zjLDXGDVoiA9fuW1wM8w
3+i2XQnXRvOorMjIeTy3nRRa+JLLT/LlfbsdXAHw755bOTQgbEt4msGrvk+i9MZX
jzdimR1/oufvEsiu8xB591YFp0+8czoiGf6/dR8bJyBA6IpQ1hudUdGKGlVWbvcE
09b7gXb+N4mW/y4VyZhUBUTnzSMTrYdTbvfuLG74i+teQn7ONkU=
=2Sa6
-----END PGP SIGNATURE-----