[SCM] vlc/squeeze: Imported Debian patch 1.1.3-1squeeze4

xtophe-guest at users.alioth.debian.org xtophe-guest at users.alioth.debian.org
Tue Jul 19 20:15:59 UTC 2011


The following commit has been merged in the squeeze branch:
commit 97942946d4a03022b6518b8be03e5a145e85e338
Author: Moritz Muehlenhoff <jmm at debian.org>
Date:   Sun Apr 3 19:54:46 2011 +0000

    Imported Debian patch 1.1.3-1squeeze4

diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 845ca06..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.pc
diff --git a/debian/.gitignore b/debian/.gitignore
deleted file mode 100644
index 71ca1de..0000000
--- a/debian/.gitignore
+++ /dev/null
@@ -1,13 +0,0 @@
-*.debhelper*
-tmp/
-vlc/
-vlc-nox/
-libvlc2/
-libvlccore2/
-libvlc-dev/
-libvlccore-dev/
-vlc-plugin-*/
-mozilla-plugin-vlc/
-vlc-data/
-vlc-dbg/
-*.kfreebsd*
diff --git a/debian/changelog b/debian/changelog
index c08ee38..2627988 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vlc (1.1.3-1squeeze4) stable-security; urgency=high
+
+  * CVE-2010-3275/CVE-2010-3276
+
+ -- Moritz Muehlenhoff <jmm at debian.org>  Sun, 03 Apr 2011 19:54:46 +0000
+
 vlc (1.1.3-1squeeze3) stable-security; urgency=high
 
   * Fix MKV improper input validation 
diff --git a/debian/patches/CVE-2010-3275-CVE-2010-3276.diff b/debian/patches/CVE-2010-3275-CVE-2010-3276.diff
new file mode 100644
index 0000000..504c9ff
--- /dev/null
+++ b/debian/patches/CVE-2010-3275-CVE-2010-3276.diff
@@ -0,0 +1,26 @@
+From fe44129dc6509b3347113ab0e1a0524af1e0dd11 Mon Sep 17 00:00:00 2001
+From: Jean-Baptiste Kempf <jb at videolan.org>
+Date: Sat, 12 Feb 2011 21:56:44 +0100
+Subject: [PATCH] Consider too large width/height as invalid.
+
+Idea taken from ebced314439f16e0d4dd8406ed0488f1677fa65f in master
+---
+ src/video_output/video_output.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/video_output/video_output.c b/src/video_output/video_output.c
+index a6225bb..edf7d23 100644
+--- a/src/video_output/video_output.c
++++ b/src/video_output/video_output.c
+@@ -297,7 +297,7 @@ vout_thread_t * vout_Create( vlc_object_t *p_parent, video_format_t *p_fmt )
+     char *psz_parser;
+     char *psz_name;
+ 
+-    if( i_width <= 0 || i_height <= 0 )
++    if( i_width <= 0 || i_height <= 0 || i_width > 8192 || i_height > 8192 )
+         return NULL;
+ 
+     vlc_ureduce( &p_fmt->i_sar_num, &p_fmt->i_sar_den,
+-- 
+1.7.2.5
+
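Review bot: The upper bound added to the guard in `vout_Create` is a bare `8192` with no comment, and the rejection is silent, so nothing in the code or in a log ties this line to CVE-2010-3275/CVE-2010-3276; the link exists only in the patch file name. I would put a comment above the check, such as `/* Reject oversized dimensions from the stream: fix for CVE-2010-3275/CVE-2010-3276 */`, and give the limit a name, e.g. `#define VOUT_MAX_DIMENSION 8192`. Logging the refused width and height through `p_parent` before `return NULL;` would let files that hit the limit show up during triage. The declarations of `i_width` and `i_height` are outside the hunk, so whether the existing `<= 0` half can ever catch a negative value depends on their signedness, and the function body continues past the hunk.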
diff --git a/debian/patches/series b/debian/patches/series
index 8b791ca..5233a50 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ CVE-2010-3907.diff
 cdg-heap-overflow.diff
 xml-heap-corruption.diff
 mkv-input-validation.diff
+CVE-2010-3275-CVE-2010-3276.diff
diff --git a/debian/source/local-options b/debian/source/local-options
deleted file mode 100644
index 4aceb10..0000000
--- a/debian/source/local-options
+++ /dev/null
@@ -1 +0,0 @@
-unapply-patches
diff --git a/modules/demux/dummy.cpp b/modules/demux/dummy.cpp
new file mode 100644
index 0000000..e69de29

-- 
VLC media player packaging


