-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 11 Jan 2008 15:05:10 +0100
Source: vlc
Binary: wxvlc vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-alsa vlc-plugin-glide vlc-plugin-esd mozilla-plugin-vlc vlc libvlc0 vlc-plugin-arts vlc-nox vlc-plugin-svgalib libvlc0-dev
Architecture: source all i386
Version: 0.8.6.c-4.1
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
 libvlc0 - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc - multimedia player and streamer
 vlc-nox - multimedia player and streamer (without X support)
 vlc-plugin-alsa - dummy transitional package
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
 wxvlc - dummy transitional package
Closes: 458318
Changes:
 vlc (0.8.6.c-4.1) unstable; urgency=high
 .
   * Non-maintainer upload by security team.
   * This update addresses the following security issues
     (CVE ids pending; Closes: #458318):
     - Fix format string issue in internal webserver that could lead
       to arbitrary code execution (sec-httpd_formatstring.diff).
     - Disable m3u EXTVLCOPT parsing if no command line option is
       specified (--m3u-extvlcopt) to prevent browser plugins from
       controlling stream output and thus overwriting arbitrary files
       of the user running vlc (sec-vlcopt_support.diff).
     - Fix stack-based buffer overflow in subtitle parsing
       (sec-subtitle_buffer_overflow.diff).
     - Fix NULL pointer dereference in the rtsp/rtp module by checking
       return of the httpd_MsgGet function (sec-rtsp_remote_dos.diff).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHh4vmHYflSXNkfP8RAu59AJwPDzsTB5Zne8tuNVDH5dwGyCp7fwCdESVH
8h6WWhDcuKvijGYDoUiVpRs=
=M2sV
-----END PGP SIGNATURE-----

Accepted:
libvlc0-dev_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.c-4.1_i386.deb
libvlc0_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6.c-4.1_i386.deb
mozilla-plugin-vlc_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.c-4.1_i386.deb
vlc-nox_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.c-4.1_i386.deb
vlc-plugin-alsa_0.8.6.c-4.1_all.deb
  to pool/main/v/vlc/vlc-plugin-alsa_0.8.6.c-4.1_all.deb
vlc-plugin-arts_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.c-4.1_i386.deb
vlc-plugin-esd_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.c-4.1_i386.deb
vlc-plugin-ggi_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.c-4.1_i386.deb
vlc-plugin-glide_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6.c-4.1_i386.deb
vlc-plugin-sdl_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.c-4.1_i386.deb
vlc-plugin-svgalib_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.c-4.1_i386.deb
vlc_0.8.6.c-4.1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.c-4.1.diff.gz
vlc_0.8.6.c-4.1.dsc
  to pool/main/v/vlc/vlc_0.8.6.c-4.1.dsc
vlc_0.8.6.c-4.1_i386.deb
  to pool/main/v/vlc/vlc_0.8.6.c-4.1_i386.deb
wxvlc_0.8.6.c-4.1_all.deb
  to pool/main/v/vlc/wxvlc_0.8.6.c-4.1_all.deb