Univention Bugzilla – Bug 47479
vlc: Multiple issues (4.3)
Last modified: 2018-08-15 13:14:35 CEST
New Debian vlc 3.0.3-1-0+deb9u1 fixes: This update addresses the following issue(s): * * VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. (CVE-2018-11529) 3.0.3-1-0+deb9u1 (Wed, 18 Jul 2018 13:55:20 +0200) * New upstream bug fix release. - mkv: Fix NULL pointer access. (CVE-2018-11529) - Fix buffer over-read in avcodec audio encoding with non-default layouts. * debian/control: Force libvlc5 to be upgraded.
<http://10.200.17.11/4.3-1/vlc-plugin-base_3.0.3-1-0%2Bdeb9u1_amd64.piuparts> > Depends: libavcodec57 (>= 7:3.2.11) but 7:3.2.10-1~deb9u1 is to be installed [4.3-1] b2ee4ed694 Bug #47479: vlc 3.0.3-1-0+deb9u1 doc/errata/staging/vlc.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
OK: patches OK: piuparts <http://10.200.17.11/4.3-1/#3701014347878508005> OK: yaml OK: errata-announce vlc.yaml [4.3-1] b2ee4ed694 Bug #47479: vlc 3.0.3-1-0+deb9u1 doc/errata/staging/vlc.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/202.html>