This bug was fixed in the package vlc - 2.0.3-0ubuntu0.12.04.1 --------------- vlc (2.0.3-0ubuntu0.12.04.1) precise-security; urgency=low
* New bug-fixing upstream release (LP: #1025713). * SECURITY UPDATE: Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file. - CVE-2012-3377 vlc (2.0.2-2) unstable; urgency=low * Add missing epoch to libqt4-dev build dependency. * Drop libggi2-dev from build dependencies (not needed any more). (Closes: #680237) * The dependency ttf-freefont was renamed to fonts-freefont-ttf. vlc (2.0.2-1) unstable; urgency=medium [ Edward Wang ] * New upstream release (Closes: #679625, #664279, LP: #689122, #936488, #942126, #971106, #972615, #973051, #987231, #995003, #998538). - Fix Ogg Heap buffer overflow. Thanks to Hugo Beauzée-Luyssen * Add the crystalhd plugin to the vlc distribution. * libcaca_plugin.so now depends on X11 in this release, so it must be installed under vlc (versus vlc-nox). [ Reinhard Tartler ] * Urgency set to medium because a security issue is fixed in this release [ Benjamin Drung ] * Add new plugins to vlc-nox: - crystalhd (Linux amd64 and i386 only) - directfb - fbosd (Linux only) - omxil (Linux only) * Add build dependencies for new plugins. * Add new symbols to libvlccore5. * Switch to debhelper 8. -- Benjamin Drung <bdr...@ubuntu.com> Tue, 24 Jul 2012 00:44:39 +0200 ** Changed in: vlc (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1025713 Title: SRU request for VLC 2.0.2/2.0.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs