Description Philipp Hahn 2018-07-03 14:13:41 CEST

New Debian vlc 3.0.2-0+deb9u1 fixes:
This update addresses the following issue(s):
* 

This update addresses the following issue(s):
* 
* In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. (CVE-2017-17670)

3.0.2-0+deb9u1 (Thu, 03 May 2018 20:55:01 +0200)
  * New upstream release following the LTS release branch.
    - Install vlc_interface.h.
    - Fix stuttering with ALSA output.
    - Fix CRC errors in some FLAC files.
    - Add support for Wayland.
    - Better support for HLS.
    - Update VLSub.
    - Fix issues with green borders.
  * Remove embedded copy of ffmpeg.
  * debian/: Adapt to vlc 3.0 packaging:
    - Drop ffmpeg build dependencies.
    - Remove unused build dependencies: libcdio-dev, libdirectfb-dev,
      libgles1-mesa-dev.
    - Add new build dependencies: bison, flex, libarchive-dev,
      libharfbuzz-dev, libmicrodns-dev, libmpg123-dev, libnfs-dev,
      libprotobuf-dev, libqt5svg5-dev, libsecret-1-dev, libsoxr-dev,
      libsystemd-dev, protobuf-compiler, wayland-protocols.
    - Drop vlc-plugin-sdl.
    - Turn vlc-plugin-zvbi into a transitional package.
    - Update Breaks+Replaces versions.
    - Remove patches integrated upstream.
    - Update copyright information.
    - Add new symbols.
    - Enable all hardening options.
    - Update configure flags for 3.0.
    - Update install files for new and removed plugins.