Source: vlc
Version: 3.0.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 3.0.7-1
Control: found -1 3.0.6-0+deb9u1
Hi
Given there are no CVEs for the repsective issues (so far) add a
single tracking bug in the BTS to get a reference, fixed already in
3.0.7-1 in unstable:
vlc (3.0.7-1) unstable; urgency=high
.
* New upstream release.
- Fix multiple integer overflows.
- Fix multiple buffer overflows.
- Fix use-after-free issue.
- Fix NULL pointer dereference.
- Fix other memory access bugs and infinite loops.
* debian/rules: Be explicit about --enable-debug/disable-debug.
Regards,
Salvatore
