Public bug reported:

Please sync libvdpau 1.1.1-3 (main) from Debian sid (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: privilege escalation when used in setuid or setgid
    applications
    - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
      against directory traversal in configure.ac, src/Makefile.am,
      src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
      trace/vdpau_trace.cpp.
    - CVE-2015-5198
    - CVE-2015-5199
    - CVE-2015-5200
  * SECURITY UPDATE: privilege escalation when used in setuid or setgid
    applications
    - debian/patches/CVE-2015-5xxx.patch: use secure_getenv and protect
      against directory traversal in configure.ac, src/Makefile.am,
      src/mesa_dri2.c, src/util.h, src/vdpau_wrapper.c,
      trace/vdpau_trace.cpp.
    - CVE-2015-5198
    - CVE-2015-5199
    - CVE-2015-5200

Debian package already include everything in the Ubuntu package.

Changelog entries since current xenial version 1.1-1ubuntu1:

libvdpau (1.1.1-3) unstable; urgency=medium

  [ Luca Boccassi ]
  * Cherry-pick patch for DRI_PRIME crash. (Closes: #802625)
  * Upload to unstable.

 -- Andreas Beckmann <a...@debian.org>  Thu, 29 Oct 2015 00:47:28 +0100

libvdpau (1.1.1-2) experimental; urgency=medium

  * Add vdpau-driver-all driver metapackage.  (Closes: #800657)
  * libvdpau1: Recommends: vdpau-driver-all | vdpau-driver.
  * Upload to experimental.

 -- Andreas Beckmann <a...@debian.org>  Thu, 08 Oct 2015 10:15:00 +0200

libvdpau (1.1.1-1) unstable; urgency=medium

  [ Andreas Beckmann ]
  * simplify d/rules

  [ Luca Boccassi ]
  * New upstream release.
    - Use secure_getenv(3) to improve security
      (CVE-2015-5198, CVE-2015-5199, CVE-2015-5200). Closes: #797895.
  * Do not check for pdftex, removed upstream
  * Add myself to Uploaders
  * Refresh dlopen-path patch, upstream changes
  * Refresh patch module-searchpath, upstream changes

 -- Luca Boccassi <luca.bocca...@gmail.com>  Thu, 03 Sep 2015 23:31:59
+0100

** Affects: libvdpau (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1512274

Title:
  Sync libvdpau 1.1.1-3 (main) from Debian sid (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvdpau/+bug/1512274/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to