Debian Package Tracker

general

source: vlc (source, video)
version: 2.2.6-2
maintainer: Debian Multimedia Maintainers (archive) [DMD]
uploaders: Reinhard Tartler [DMD] – Sebastian Ramacher [DMD] – Christophe Mutricy [DMD] – Edward Wang [DMD] – Mateusz Łukasik [DMD] – Benjamin Drung [DMD] – Mohammed Adnène Trojette [DMD] – Loic Minier [DMD]
arch: all any
std-ver: 4.0.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.3-5+deb7u2
o-o-sec: 2.0.3-5+deb7u2
o-o-bpo: 2.1.5-1~bpo70+1
oldstable: 2.2.5-1~deb8u1
old-sec: 2.2.4-1~deb8u1
stable: 2.2.6-1~deb9u1
testing: 2.2.6-2
unstable: 2.2.6-2

versioned links

2.0.3-5+deb7u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.5-1~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.4-1~deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.5-1~deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.6-1~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libvlc-bin
libvlc-dev
libvlc5
libvlccore-dev
libvlccore8
vlc
vlc-bin
vlc-data
vlc-l10n
vlc-plugin-access-extra
vlc-plugin-base
vlc-plugin-fluidsynth
vlc-plugin-jack
vlc-plugin-notify
vlc-plugin-qt
vlc-plugin-samba
vlc-plugin-sdl
vlc-plugin-skins2
vlc-plugin-svg
vlc-plugin-video-output
vlc-plugin-video-splitter
vlc-plugin-visualization
vlc-plugin-zvbi

action needed

2 security issues in sid

high

There are 2 open security issues in sid.

2 important issues:

CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Please fix them.

Created: 2017-05-30 Last update: 2017-06-24 07:29

2 security issues in wheezy

high

There are 2 open security issues in wheezy.

2 important issues:

CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Please fix them.

Created: 2017-05-30 Last update: 2017-06-24 07:29

2 security issues in buster

high

There are 2 open security issues in buster.

2 important issues:

CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Please fix them.

Created: 2017-06-18 Last update: 2017-06-24 07:29

6 security issues in jessie

high

There are 6 open security issues in jessie.

6 important issues:

CVE-2017-8311: Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
CVE-2017-8310: Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.
CVE-2017-8313: Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.
CVE-2017-8312: Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Please fix them.

Created: 2017-05-24 Last update: 2017-06-24 07:29

2 security issues in stretch

high

There are 2 open security issues in stretch.

2 important issues:

CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Please fix them.

Created: 2017-05-30 Last update: 2017-06-24 07:29

lintian reports 17 errors

high

Lintian reports 17 errors about this package. You should make the package lintian clean getting rid of them.

Created: 2016-03-19 Last update: 2017-06-19 07:06

Standards version of the package is outdated.

high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 3.9.8 instead of 4.0.0).

Created: 2017-06-19 Last update: 2017-06-19 01:06

Build log checks report 1 error and 1 warning

high

Build log checks report 1 error and 1 warning

Created: 2016-04-09 Last update: 2016-04-18 06:51

Multiarch hinter reports 1 issue(s)

normal

There are issues with the multiarch metadata for this package.

vlc could be marked Multi-Arch: same

Created: 2017-06-23 Last update: 2017-06-24 07:39

Does not build reproducibly during testing

normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-04-06 Last update: 2017-06-24 07:37

Depends on packages which need a new maintainer

normal

The packages that vlc depends on which need a new maintainer are:

libdca (#704010)
- Depends: libdca0
- Build-Depends: libdca-dev

Created: 2015-07-05 Last update: 2017-06-24 07:35

1 bug tagged help in the BTS

normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2016-05-08 Last update: 2017-06-24 07:15

1 bug tagged patch in the BTS

normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2017-01-17 Last update: 2017-06-24 07:15

testing migrations

This package will soon be part of the auto-x265 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-libcdio transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-libbluray transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-liblivemedia transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-libass transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-directfb transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-libwebp transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2017-06-24] vlc 2.2.6-2 MIGRATED to testing (Debian testing watch)
[2017-06-18] Accepted vlc 2.2.6-2 (source) into unstable (Sebastian Ramacher)
[2017-05-27] vlc 2.2.6-1~deb9u1 MIGRATED to testing (Debian testing watch)
[2017-05-25] Accepted vlc 2.2.6-1~deb9u1 (source) into unstable (Sebastian Ramacher)
[2017-05-24] Accepted vlc 2.2.6-1 (source) into experimental (Sebastian Ramacher)
[2017-05-20] Accepted vlc 2.2.5.1-1~deb9u2 (source) into unstable (Sebastian Ramacher)
[2017-05-19] vlc 2.2.5.1-1~deb9u1 MIGRATED to testing (Debian testing watch)
[2017-05-13] Accepted vlc 2.2.5.1-1~deb9u1 (source) into unstable (Sebastian Ramacher)
[2017-05-13] Accepted vlc 2.2.5.1-1 (source) into experimental (Sebastian Ramacher)
[2017-04-30] Accepted vlc 2.2.5-1~deb8u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Sebastian Ramacher)
[2017-04-23] Accepted vlc 2.2.5-4 (source) into experimental (Sebastian Ramacher)
[2017-04-07] Accepted vlc 2.2.5-3 (source) into experimental (Sebastian Ramacher)
[2017-04-05] vlc 2.2.5-1 MIGRATED to testing (Debian testing watch)
[2017-03-23] Accepted vlc 2.2.5-2 (source) into experimental (Sebastian Ramacher)
[2017-03-19] Accepted vlc 2.2.5-1 (source) into unstable (Sebastian Ramacher)
[2017-02-27] vlc 2.2.4-14 MIGRATED to testing (Debian testing watch)
[2017-02-14] Accepted vlc 2.2.4-14 (source) into unstable (Sebastian Ramacher)
[2017-01-23] vlc 2.2.4-13 MIGRATED to testing (Debian testing watch)
[2017-01-11] Accepted vlc 2.2.4-13 (source) into unstable (Sebastian Ramacher)
[2017-01-03] Accepted vlc 2.2.4-12 (source) into unstable (Sebastian Ramacher)
[2016-12-29] vlc 2.2.4-11 MIGRATED to testing (Debian testing watch)
[2016-12-18] Accepted vlc 2.2.4-11 (source) into unstable (Sebastian Ramacher)
[2016-12-15] vlc 2.2.4-10 MIGRATED to testing (Debian testing watch)
[2016-12-04] Accepted vlc 2.2.4-10 (source) into unstable (Sebastian Ramacher)
[2016-11-27] vlc 2.2.4-9 MIGRATED to testing (Debian testing watch)
[2016-11-21] Accepted vlc 2.2.4-9 (source) into unstable (Sebastian Ramacher)
[2016-11-18] vlc 2.2.4-8 MIGRATED to testing (Debian testing watch)
[2016-11-04] Accepted vlc 2.2.4-8 (source) into unstable (Sebastian Ramacher)
[2016-10-26] vlc 2.2.4-7 MIGRATED to testing (Debian testing watch)
[2016-10-20] Accepted vlc 2.2.4-7 (source amd64 all) into unstable, unstable (Sebastian Ramacher)

bugs [bug history graph]

all: 50 55
RC: 0
I&N: 37 40
M&W: 13 15
F&P: 0

links

homepage
lintian (17, 0)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.2.6-2
89 bugs (2 patches)