[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
This bug was fixed in the package vlc - 2.0.3-0ubuntu0.12.04.1 --- vlc (2.0.3-0ubuntu0.12.04.1) precise-security; urgency=low * New bug-fixing upstream release (LP: #1025713). * SECURITY UPDATE: Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file. - CVE-2012-3377 vlc (2.0.2-2) unstable; urgency=low * Add missing epoch to libqt4-dev build dependency. * Drop libggi2-dev from build dependencies (not needed any more). (Closes: #680237) * The dependency ttf-freefont was renamed to fonts-freefont-ttf. vlc (2.0.2-1) unstable; urgency=medium [ Edward Wang ] * New upstream release (Closes: #679625, #664279, LP: #689122, #936488, #942126, #971106, #972615, #973051, #987231, #995003, #998538). - Fix Ogg Heap buffer overflow. Thanks to Hugo Beauzée-Luyssen * Add the crystalhd plugin to the vlc distribution. * libcaca_plugin.so now depends on X11 in this release, so it must be installed under vlc (versus vlc-nox). [ Reinhard Tartler ] * Urgency set to medium because a security issue is fixed in this release [ Benjamin Drung ] * Add new plugins to vlc-nox: - crystalhd (Linux amd64 and i386 only) - directfb - fbosd (Linux only) - omxil (Linux only) * Add build dependencies for new plugins. * Add new symbols to libvlccore5. * Switch to debhelper 8. -- Benjamin DrungTue, 24 Jul 2012 00:44:39 +0200 ** Changed in: vlc (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
I am using vlc 2.0.3-0ubuntu0.12.04.1 since nearly a week without noticing any regressions. No OMG Ubuntu! reader testing VLC [1] did report a regression. [1] http://www.omgubuntu.co.uk/2012/07/latest-stable-vlc-heading-to- ubuntu-12-04-help-test-it-now ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
When 2.0.1 wasn't installed and upgraded by 2.0.3 then the installation of 2.0.3 contents more packages and the version is displayed correctly. ~$ sudo apt-get install vlc/precise-proposed The following NEW packages will be installed: libcddb2 libcrystalhd3 libdvbpsi7 libebml3 libiso9660-8 libmatroska5 libresid-builder0c2a libsdl-image1.2 libsidplay2 libupnp3 libvcdinfo0 libvlc5 libvlccore5 vlc vlc-data vlc-nox vlc-plugin-notify vlc-plugin-pulse 0 upgraded, 18 newly installed, 0 to remove and 61 not upgraded. ~$ vlc --version VLC media player 2.0.3 Twoflower (revision 2.0.2-93-g77aa89e) VLC version 2.0.3 Twoflower (2.0.2-93-g77aa89e) Compiled by buildd on allspice.buildd (Jul 24 2012 22:39:22) Compiler: gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Please run "sudo apt-get install libvlc5/precise-proposed" and then retry "vlc --version". Your DVD playback related issue is unrelated to this SRU then. Please open a new bug report for it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Benjamin, yes all packages were installed and the DVD issue is also with 2.0.1. Rémi, I didn't attempt to play any DVD neither en- nor decrypted. So far the playlist is unusable since 12.04 and was fine in 11.10. It also doesn't open per media dialog, neither file nor directory. (Although 2.0.3 is installed it states 2.0.1) This is the output when attempting to open a file or directory per media dialog. ~$ vlc VLC media player 2.0.1 Twoflower (revision 2.0.1-0-gf432547) [0x20fabb8] dbus interface: listening on dbus as: org.mpris.MediaPlayer2.vlc [0x20a7138] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface. ## Purged 2.0.3 and installed 2.0.1 again to test the DVD mystery. ~$ vlc --version VLC media player 2.0.1 Twoflower (revision 2.0.1-0-gf432547) VLC version 2.0.1 Twoflower (2.0.1-0-gf432547) Compiled by buildd on crested.buildd (Apr 3 2012 18:33:14) Compiler: gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu3) ~$ vlc VLC media player 2.0.1 Twoflower (revision 2.0.1-0-gf432547) [0xe1cd68] dbus interface: listening on dbus as: org.mpris.MediaPlayer2.vlc [0xdc7138] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface. libdvdnav: Using dvdnav version 4.2.0 libdvdread: Encrypted DVD support unavailable. **** ** No css library available. See ** ** /usr/share/doc/libdvdread4/README.css ** ** for more information. ** **** libdvdread: Couldn't find device name. libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.IFO failed libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.BUP failed libdvdread: Can't open file VIDEO_TS.IFO. libdvdnav: vm: failed to read VIDEO_TS.IFO libdvdnav: Using dvdnav version 4.2.0 libdvdread: Encrypted DVD support unavailable. **** ** No css library available. See ** ** /usr/share/doc/libdvdread4/README.css ** ** for more information. ** **** libdvdread: Couldn't find device name. libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.IFO failed libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.BUP failed libdvdread: Can't open file VIDEO_TS.IFO. libdvdnav: vm: failed to read VIDEO_TS.IFO Killed. ## Enable proposed again and upgrade to 2.0.3. ~$ sudo apt-get install vlc/precise-proposed Reading package lists... Done Building dependency tree Reading state information... Done Selected version '2.0.3-0ubuntu0.12.04.1' (Ubuntu:12.04/precise-proposed [amd64]) for 'vlc' The following extra packages will be installed: libvlccore5 vlc-data vlc-nox vlc-plugin-notify vlc-plugin-pulse Suggested packages: videolan-doc The following packages will be upgraded: libvlccore5 vlc vlc-data vlc-nox vlc-plugin-notify vlc-plugin-pulse 6 upgraded, 0 newly installed, 0 to remove and 80 not upgraded. Need to get 0 B/13.7 MB of archives. After this operation, 2579 kB of additional disk space will be used. Do you want to continue [Y/n]? y (Reading database ... 196722 files and directories currently installed.) Preparing to replace vlc-plugin-pulse 2.0.1-4 (using .../vlc-plugin-pulse_2.0.3-0ubuntu0.12.04.1_amd64.deb) ... Unpacking replacement vlc-plugin-pulse ... Preparing to replace vlc-plugin-notify 2.0.1-4 (using .../vlc-plugin-notify_2.0.3-0ubuntu0.12.04.1_amd64.deb) ... Unpacking replacement vlc-plugin-notify ... Preparing to replace vlc-nox 2.0.1-4 (using .../vlc-nox_2.0.3-0ubuntu0.12.04.1_amd64.deb) ... Unpacking replacement vlc-nox ... Preparing to replace vlc 2.0.1-4 (using .../vlc_2.0.3-0ubuntu0.12.04.1_amd64.deb) ... Unpacking replacement vlc ... Preparing to replace libvlccore5 2.0.1-4 (using .../libvlccore5_2.0.3-0ubuntu0.12.04.1_amd64.deb) ... Unpacking replacement libvlccore5 ... Preparing to replace vlc-data 2.0.1-4 (using .../vlc-data_2.0.3-0ubuntu0.12.04.1_all.deb) ... Unpacking replacement vlc-data ... Processing triggers for man-db ... Processing triggers for bamfdaemon ... Rebuilding /usr/share/applications/bamf.index... Processing triggers for desktop-file-utils ... Processing triggers for gnome-menus ... Processing triggers for hicolor-icon-theme ... Setting up vlc-data (2.0.3-0ubuntu0.12.04.1) ... Setting up libvlccore5 (2.0.3-0ubuntu0.12.04.1) ... Setting up vlc-nox (2.0.3-0ubuntu0.12.04.1) ... Setting up vlc-plugin-pulse (2.0.3-0ubuntu0.12.04.1) ... Setting up vlc-plugin-notify (2.0.3-0ubuntu0.12.04.1) ... Setting up vlc (2.0.3-0ubuntu0.12.04.1) ... Processing triggers for libc-bin ... ldconfig deferred processing now taking place ~$ vlc --version VLC media player 2.0.1 Twoflower (revision 2.0.1-0-gf432547) VLC versio
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Playing an encrypted DVD without decryption library is not possible. This is not a regression. And bug 998729 is not supposed to be fixed by 2.0.3 update anyway. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Have you updated all vlc binary packages (like libvlc, vlc-data, and so on)? "vlc --version" should say VLC-Version 2.0.3 Twoflower (2.0.2-93-g77aa89e). Did this issue happened in the previous vlc version too or not (i.g. is it a regression)? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Installed from proposed. The terminal states the previous version in contrary to the "About" dialog (screenshot). ## bug 998729 is still present. I've attempt to open playlist -> My Computer -> My Music and double click on a folder which contents a few .mp3 and .ogg files. Result nothing happens. Try to close the playlist dialog with window button brings up 'force quit' dialog. VLC window disappears. The quit dialog on panel icon doesn't terminate, VLC needs to be killed by pid. Terminal output: vlc VLC media player 2.0.1 Twoflower (revision 2.0.1-0-gf432547) [0x2020bb8] dbus interface: listening on dbus as: org.mpris.MediaPlayer2.vlc [0x1fcd138] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface. libdvdnav: Using dvdnav version 4.2.0 libdvdread: Encrypted DVD support unavailable. **** ** No css library available. See ** ** /usr/share/doc/libdvdread4/README.css ** ** for more information. ** **** libdvdread: Couldn't find device name. libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.IFO failed libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.BUP failed libdvdread: Can't open file VIDEO_TS.IFO. libdvdnav: vm: failed to read VIDEO_TS.IFO libdvdnav: Using dvdnav version 4.2.0 libdvdread: Encrypted DVD support unavailable. **** ** No css library available. See ** ** /usr/share/doc/libdvdread4/README.css ** ** for more information. ** **** libdvdread: Couldn't find device name. libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.IFO failed libdvdnav:DVDOpenFilePath:findDVDFile /VIDEO_TS/VIDEO_TS.BUP failed libdvdread: Can't open file VIDEO_TS.IFO. libdvdnav: vm: failed to read VIDEO_TS.IFO Killed ## There is no DVD in the Music folder and no DVD at all on this computer. Should this be filed as a new bug? ~$ apt-cache policy vlc vlc: Installed: 2.0.3-0ubuntu0.12.04.1 Candidate: 2.0.3-0ubuntu0.12.04.1 Version table: *** 2.0.3-0ubuntu0.12.04.1 0 500 http://archive.ubuntu.com/ubuntu/ precise-proposed/universe amd64 Packages 100 /var/lib/dpkg/status 2.0.1-4 0 500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages ** Attachment added: "vlc2.0.3.png" https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+attachment/3237448/+files/vlc2.0.3.png -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
** Branch linked: lp:ubuntu/precise-proposed/vlc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Pocket copied vlc to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance! ** Tags removed: security-verification ** Tags added: verification-needed ** Changed in: vlc (Ubuntu Precise) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
This has now been uploaded to https://launchpad.net/~ubuntu-security- proposed/+archive/ppa/+packages ** This bug has been flagged as a security vulnerability ** Tags added: security-verification ** Changed in: vlc (Ubuntu Precise) Assignee: Jamie Strandboge (jdstrand) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Reviewing the changelog, this looks like all bug fixes on Linux. ACK. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Benjamin pointed out that using the appropriate -v will gives all the bugs. I am preparing the upload to ubuntu-security-proposed now. ** Changed in: vlc (Ubuntu Precise) Assignee: Benjamin Drung (bdrung) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Ok, I have updated the CVE tracker with the information on CVE-2012-0904 and CVE-2012-2396. I agree with Bryce on adding the bug references to the changelog. Once that is done, please resubscribe ubuntu-security- sponsors and we'll build this in ubuntu-security-proposed (and if ubuntu-sru approves, copy to precise-proposed). ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-0904 ** Changed in: vlc (Ubuntu Precise) Status: Triaged => In Progress ** Changed in: vlc (Ubuntu Precise) Assignee: (unassigned) => Benjamin Drung (bdrung) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-0904 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
bdrung, you mentioned this fixed nine ubuntu bugs; which bug #'s are those? Might be worth including them in the changelog entry? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Added to this PPA: https://launchpad.net/~bryce/+archive/backports -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
I tried the exploit for CVE-2012-0904 [1]. VLC 2.0.1-4 did not crash. It failed to open the .amr file: [0x7f6a70c01bc8] avformat demux error: Could not open : Operation not permitted [0x7f6a70c01bc8] ps demux error: cannot peek [0x7f6aab78] main input error: no suitable demux module for `[...]/b00f.amr' [1] http://www.exploit-db.com/exploits/18309/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
CVE-2012-2396 is a security bug in taglib (that is fixed in taglib 1.7.2-1), but not in the vlc source code. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
CVE-2012-0904, CVE-2012-2396 and CVE-2012-3377 are listed as affecting precise, but the debdiff only mentions CVE-2012-3377. Can you comment on the other two? ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-0904 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-2396 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3377 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
Here's a debdiff against the quantal package for SRUing VLC to precise- security-proposed. ** Patch added: "vlc_2.0.3-0ubuntu0.12.04.1.debdiff" https://bugs.launchpad.net/ubuntu/quantal/+source/vlc/+bug/1025713/+attachment/3233494/+files/vlc_2.0.3-0ubuntu0.12.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1025713] Re: SRU request for VLC 2.0.2/2.0.3
I synced vlc 2.0.3-1 from Debian unstable to quantal. VLC 2.0.2 closes nine Launchpad bugs. I intend to request a MRE for VLC, but currently didn't find the time to do it. The test suite for VLC is small and currently not run when building the package. The test suite succeeds on a local build, but one test fails if it it is run in a chroot. Help on debugging it is appreciated. The test suite can be run by adding dh_auto_test to the override_dh_auto_test target. ** Changed in: vlc (Ubuntu Quantal) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
