Security update for vlc
This update for vlc to version 2.1.6 fixes the following issues:
These CVE were fixed:
- CVE-2016-5108: Reject invalid QuickTime IMA files (boo#984382).
- CVE-2016-3941: Heap overflow in processing wav files (boo#973354).
These security issues without were fixed:
- Fix heap overflow in decomp stream filter.
- Fix buffer overflow in updater.
- Fix potential buffer overflow in schroedinger encoder.
- Fix null-pointer dereference in DMO decoder.
- Fix buffer overflow in parsing of string boxes in mp4 demuxer.
- Fix SRTP integer overflow.
- Fix potential crash in zip access.
- Fix read overflow in Ogg demuxer.
-
Submitted by
Dominique Leuenberger (dimstar)
Fixed bugs
bnc#984382
VUL-0: vlc: Buffer Overflow in Processing QuickTime IMA Files (VideoLAN-SA-1601)
bnc#973354
VUL-0: CVE-2016-3941: vlc: Heap overflow in processing wav files
