Univention Bugzilla – Bug 51544
vlc: Multiple issues (4.4)
Last modified: 2020-06-24 12:53:18 CEST
New Debian vlc 3.0.11-0+deb9u1 fixes: This update addresses the following issue: * A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. (CVE-2020-13428)
--- mirror/ftp/4.4/unmaintained/component/4.4-4-errata/source/vlc_3.0.10-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/vlc_3.0.11-0+deb9u1.dsc @@ -1,3 +1,9 @@ +3.0.11-0+deb9u1 [Mon, 15 Jun 2020 23:12:02 +0200] Sebastian Ramacher <sramacher@debian.org>: + + * New upstream release + - Fix heap-based buffer overflow in hxxx_nal (CVE-2020-13428) + * debian/patches: Drop patches integrated upstream + 3.0.10-0+deb9u1 [Wed, 29 Apr 2020 09:02:27 +0200] Sebastian Ramacher <sramacher@debian.org>: * New upstream release <http://10.200.17.11/4.4-4/#4033823145913842377>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-4] edd7765441 Bug #51544: vlc 3.0.11-0+deb9u1 doc/errata/staging/vlc.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.4/634.html>