File _patchinfo of Package patchinfo.3452
<patchinfo incident="3452">
<issue id="914268" tracker="bnc">VUL-0: CVE-2014-9625: vlc: Buffer overflow in updater</issue>
<issue id="CVE-2014-9625" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>dimstar</packager>
<description>
vlc was updated to the current openSUSE Tumbleweed version.
live555 was also updated to the current openSUSE Tumbleweed version as a dependency.
Security issues fixed:
- Fix various buffer overflows and null ptr dereferencing (boo#914268,
CVE-2014-9625).
Other fixes:
- Enable SSE2 instruction set for x86_64
- Disable fluidsynth again: the crashes we had earlier are still
not all fixed. They are less, but less common makes it more
difficult to debug.
On openSUSE 13.1:
- Update to version 2.1.5:
+ Core: Fix compilation on OS/2.
+ Access: Stability improvements for the QTSound capture module.
+ Mac OS X audio output:
- Fix channel ordering.
- Increase the buffersize.
+ Decoders:
- Fix DxVA2 decoding of samples needing more surfaces.
- Improve MAD resistance to broken mp3 streams.
- Fix PGS alignment in MKV.
+ Qt Interface: Don't rename mp3 converted files to .raw.
+ Mac OS X Interface:
- Correctly support video-on-top.
- Fix video output event propagation on Macs with retina
displays.
- Stability improvements when using future VLC releases side by
side.
+ Streaming: Fix transcode when audio format changes.
+ Updated translations.
- Update to version 2.1.4:
+ Demuxers: Fix issue in WMV with multiple compressed payload and
empty payloads.
+ Video Output: Fix subtitles size rendering on Windows.
+ Mac OS X:
- Fix DVD playback regression.
- Fix misleading error message during video playback on
OS X 10.9.
- Fix hardware acceleration memleaks.
</description>
<summary>Security update for vlc</summary>
</patchinfo>