r1180 - /unstable/vlc/debian/changelog
xtophe-guest at users.alioth.debian.org
Fri May 9 22:10:17 UTC 2008
Author: xtophe-guest
Date: Fri May 9 22:10:17 2008
New Revision: 1180
URL: http://svn.debian.org/wsvn/pkg-multimedia/?sc=1&rev=1180
Log:
Acknowledge NMU by Nico Golde
Modified:
unstable/vlc/debian/changelog
Modified: unstable/vlc/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/changelog?rev=1180&op=diff
==============================================================================
--- unstable/vlc/debian/changelog (original)
+++ unstable/vlc/debian/changelog Fri May 9 22:10:17 2008
@@ -1,12 +1,14 @@
-vlc (0.8.6.f-1) unstable; urgency=high
-
+vlc (0.8.6.f-1) UNRELEASED; urgency=medium
+
+ * Acknowledge NMU by Nico Golde. Thanks.
* New security upstrem release
- - Fix buffer overflow (CVE-2008-1881) (Closes: #477805, #477805)
- - Fix out of bound array access (CVE-2008-1769) (Closes: #478140)
+ - Fix buffer overflow (CVE-2008-1881)
+ - Fix out of bound array access (CVE-2008-1769)
- Fix various integer overflow in MP4 demuxer, Cinepak, RTSP
- (CVE-2008-1489, CVE-2008-1768) (Closes: #478140)
+ (CVE-2008-1489, CVE-2008-1768)
- Remove 105_min_mkv.patch, 400-CVE-2008-1489.diff and
- 401-CVE-2008-0073.diff integrated upstream
+ 401-CVE-2008-0073.diff, 402-CVE-2008-1881, 403-CVE-2008-1768.diff
+ and 404-CVE-2008-1881 integrated upstream
* Patches taken from upstream git
- 400_oCERT-2008-004.patch: Fix insufficient boundary checking in speex
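Review bot: on the header line, `urgency=high` becomes `urgency=medium` although the entry is still described as a security upstream release listing CVE-2008-1881, CVE-2008-1769, CVE-2008-1489 and CVE-2008-1768. If the downgrade is deliberate because the urgency=high NMU 0.8.6.e-2.1 already shipped the fixes for CVE-2008-1769, CVE-2008-1768 and CVE-2008-1881, a short line in the entry saying so would help; otherwise keep `urgency=high`. In the "Remove ... integrated upstream" item, `402-CVE-2008-1881` and `404-CVE-2008-1881` lack the `.diff` suffix that the other patch names carry, and both name the same CVE, so it is worth checking them against the real file names in debian/patches.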
@@ -18,6 +20,19 @@
(Closes: #477543, #477545)
-- Christophe Mutricy <xtophe at videolan.org> Sat, 26 Apr 2008 23:46:44 +0100
+
+vlc (0.8.6.e-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * This update addresses the following security issues:
+ - CVE-2008-1769: out-of-bounds array access and memory corruption
+ via a crafted cinepak file (Closes: #478140).
+ - CVE-2008-1768: multiple integer overflow triggering buffer overflows
+ in the mp4 and real demuxer and the cinepak codec (Closes: #478140).
+ - CVE-2008-1881: stack-based buffer overflow in subtitle parsing leading
+ to arbitrary code execution via crafted subtitle file (Closes: #477805).
+
+ -- Nico Golde <nion at debian.org> Sun, 27 Apr 2008 16:17:49 +0200
vlc (0.8.6.e-2) unstable; urgency=high
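Review bot: the inserted 0.8.6.e-2.1 entry carries the trailer date `Sun, 27 Apr 2008 16:17:49 +0200`, which is later than the trailer of the 0.8.6.f-1 entry above it (`Sat, 26 Apr 2008 23:46:44 +0100`), so the changelog dates are now out of order. Since 0.8.6.f-1 is marked UNRELEASED, refresh its trailer timestamp when the distribution is switched back to unstable for upload. Minor: `Closes: #478140` appears on both the CVE-2008-1769 and CVE-2008-1768 items of the NMU entry, which is harmless, but it should stay exactly as uploaded if the intent is to mirror the NMU changelog verbatim.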