File _patchinfo of Package patchinfo.3452

<patchinfo incident="3452">
  <issue id="914268" tracker="bnc">VUL-0: CVE-2014-9625: vlc: Buffer overflow in updater</issue>
  <issue id="CVE-2014-9625" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>dimstar</packager>
  <description>
vlc was updated to the current openSUSE Tumbleweed version.

live555 was also updated to the current openSUSE Tumbleweed version as a dependency.

Security issues fixed:
- Fix various buffer overflows and null ptr dereferencing (boo#914268,
  CVE-2014-9625).

Other fixes:
- Enable SSE2 instruction set for x86_64

- Disable fluidsynth again: the crashes we had earlier are still
  not all fixed. They are less, but less common makes it more
  difficult to debug.

On openSUSE 13.1:
- Update to version 2.1.5:
  + Core: Fix compilation on OS/2.
  + Access: Stability improvements for the QTSound capture module.
  + Mac OS X audio output:
    - Fix channel ordering.
    - Increase the buffersize.
  + Decoders:
    - Fix DxVA2 decoding of samples needing more surfaces.
    - Improve MAD resistance to broken mp3 streams.
    - Fix PGS alignment in MKV.
  + Qt Interface: Don't rename mp3 converted files to .raw.
  + Mac OS X Interface:
    - Correctly support video-on-top.
    - Fix video output event propagation on Macs with retina
      displays.
    - Stability improvements when using future VLC releases side by
      side.
  + Streaming: Fix transcode when audio format changes.
  + Updated translations.

- Update to version 2.1.4:
  + Demuxers: Fix issue in WMV with multiple compressed payload and
    empty payloads.
  + Video Output: Fix subtitles size rendering on Windows.
  + Mac OS X:
    - Fix DVD playback regression.
    - Fix misleading error message during video playback on
      OS X 10.9.
    - Fix hardware acceleration memleaks.
</description>
  <summary>Security update for vlc</summary>
</patchinfo>
openSUSE Build Service is sponsored by