[Bug 1350356] Re: vlc 2.1.5 is released, software upgrade is needed

2014-08-20 Thread Benjamin Drung
** Also affects: gnutls28 (Ubuntu) Importance: Undecided Status: New

[Bug 1350356] Re: vlc 2.1.5 is released, software upgrade is needed

2014-08-13 Thread Owain Kenway
Hi, The vulnerability CVE 2014-3466 in GNUTLS has *not* been fixed in Trusty (at time of writing the current stable release). It's been fixed in libgnutls26, but not in libgnutls28 (which is what VLC actually uses) - see: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1326779 Cheers, D

[Bug 1350356] Re: vlc 2.1.5 is released, software upgrade is needed

2014-07-30 Thread Seth Arnold
The referenced CVEs were in libpng and in gnutls; http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0333.html http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3466.html gnutls already had an update: http://www.ubuntu.com/usn/usn-2229-1/ and the version of libpng we ship