Dapper is not supported anymore since July 2009, therefore I mark Dapper
status to invalid.
** Changed in: vlc (Ubuntu Dapper)
Status: New = Invalid
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member
** Branch linked: lp:ubuntu/karmic/vlc
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/vlc/hardy-security
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.
** Changed in: vlc (Ubuntu Gutsy)
Status: New = Won't Fix
--
vlc in Hardy needs a security update
Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued
for this release. Marking Feisty as Won't Fix.
** Changed in: vlc (Ubuntu Feisty)
Status: New = Won't Fix
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug
This bug was fixed in the package vlc -
0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1
---
vlc (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.1) hardy-security;
urgency=low
* SECURITY UPDATE: multiple denials of service, arbitrary code execution and
arbitrary file
Thanks for your debdiff William! I'm processing it now.
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
The right Hardy fix this time.
** Attachment added: hardy debdiff with CVE-2008-2430 fix
http://launchpadlibrarian.net/15990316/hardy-new.debdiff
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of
Hold the phone, VLC just release 0.8.6i stating that 0.8.6h and below
have a security vulnerability:
http://www.videolan.org/security/sa0806.html
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
That'd be:
- CVE-2008-2430: 3de60bf5b886ad81d7c05d68dff7a1ba461c0ac1
Already fixed in Debian, which I'm merging from, so will be in Intrepid
in a couple of minutes.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2430
--
vlc in Hardy needs a security update
This bug was fixed in the package vlc - 0.8.6.release.h-1ubuntu1
---
vlc (0.8.6.release.h-1ubuntu1) intrepid; urgency=low
* Merge from Debian unstable. (LP: #238873, #243450, #245563)
Remaining changes:
- Add PulseAudio support.
- Enable (and build-depend on) x264
** Attachment added: hardy debdiff with CVE-2008-2430 fix
http://launchpadlibrarian.net/15988726/hardy-new.debdiff
** Attachment removed: hardy debdiff with CVE-2008-2430 fix
http://launchpadlibrarian.net/15988726/hardy-new.debdiff
--
vlc in Hardy needs a security update
** Changed in: vlc (Ubuntu Intrepid)
Assignee: (unassigned) = William Grant (wgrant)
Status: Triaged = In Progress
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is
William Grant [EMAIL PROTECTED] writes:
** Changed in: vlc (Ubuntu Intrepid)
Assignee: (unassigned) = William Grant (wgrant)
Status: Triaged = In Progress
FYI, I uploaded a new vlc to unstable today. You might want to merge
that package instead of doing the work independently.
--
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1881
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
Now to find changesets for all of them:
- CVE-2007-6681: 338264a2e56e3f780957817665b7ec8fa41dd6ff
- CVE-2007-6683: b426b192c7712eaa08c5f55d08ef648226d6d421
- CVE-2008-0073: 8c838a6fe5f3bdb4af4f5f73d7ac0206ea92e029
- CVE-2008-1489: 09572892df7e72c0d4e598c0b5e076cf330d8b0a
- CVE-2008-1686:
** Changed in: vlc (Ubuntu Hardy)
Assignee: (unassigned) = William Grant (wgrant)
Status: Triaged = In Progress
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Also, one more:
- CVE-2008-1768: 3a6282755277ba9321d405c635e50da935d258a6,
edca13e259472872fdfd456cf3ef4a21d1262c11,
783ab03c7bd8ddedcd3dc5bad18efc70a4c57aaa,
18eb4fd5a75b6429d1d7058a8967696be701a00b
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1768
--
vlc in Hardy
** Attachment added: hardy debdiff
http://launchpadlibrarian.net/15560151/hardy.debdiff
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs
Considering the security vulnerabilities, this should really be marked
high or above.
Even from a general usability standpoint, e is one of the worst VLC
versions in recent memory. Numerous bugs related to AAC, mjpeg and
pretty much everything else. Loads of people report sound stuttering
while
Indeed, the status should be high. I'm not sure why it wasn't before.
** Changed in: vlc (Ubuntu Intrepid)
Importance: Medium = High
Status: Confirmed = Triaged
** Changed in: vlc (Ubuntu Hardy)
Importance: Undecided = High
Status: New = Triaged
--
vlc in Hardy needs a
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1382
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1423
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1420
** CVE removed: http://www.cve.mitre.org/cgi-
** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2109
--
vlc in Hardy needs a security update
https://bugs.launchpad.net/bugs/238873
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
0.8.6f itself fixes CVE-2007-6681 (properly), CVE-2008-0073,
CVE-2008-1489 and CVE-2008-1769.
The Speex issue (CVE-2008-1686) is part of bug #218652, but I'll handle
it here.
VLC is so secure.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6681
** CVE added:
Changes between 0.8.6f and 0.8.6g
Security updates
* Removed VLC variable settings from Mozilla and ActiveX (CVE-2007-6683,
VideoLAN-SA-0804)
* Removed loading plugins from the current directory (CVE-2008-2147,
VideoLAN-SA-0805)
* Updated libpng on Windows and Mac OS X
25 matches
Mail list logo
