File _patchinfo of Package patchinfo.10847
<patchinfo incident="10847">
  <issue tracker="cve" id="2019-5439"/>
  <issue tracker="cve" id="2018-19857"/>
  <issue tracker="cve" id="2019-12874"/>
  <issue tracker="cve" id="2019-13602"/>
  <issue tracker="cve" id="2019-13962"/>
  <issue tracker="cve" id="2019-5459"/>
  <issue tracker="cve" id="2019-5460"/>
  <issue tracker="bnc" id="1141522">VUL-0: CVE-2019-13602: vlc: An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c allows remote attackers to cause a denial of service (heap-based buffer overflow and crash)</issue>
  <issue tracker="bnc" id="1142161">VUL-1: CVE-2019-13962: vlc: lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.</issue>
  <issue tracker="bnc" id="1118586">VUL-1: CVE-2018-19857: vlc: denial of service and/or a potential infoleak when processing magic cookies in CAF files via read memory from an uninitialized pointer</issue>
  <issue tracker="bnc" id="1143549">VUL-1: CVE-2019-5459: vlc: integer underflow in VLC Media Player versions leads to an out-of-band read</issue>
  <issue tracker="bnc" id="1138933">VUL-1: CVE-2019-12874: vlc: double free in zlib_decompress_extra in modules/demux/mkv/util.cpp</issue>
  <issue tracker="bnc" id="1138354">VUL-0: CVE-2019-5439: vlc: A Buffer Overflow in VLC Media Player &lt; 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.</issue>
  <issue tracker="bnc" id="1143547">VUL-1: CVE-2019-5460: vlc: Double Free in VLC leads to a crash</issue>
  <packager>dimstar</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for vlc</summary>
  <description>This update for vlc to version 3.0.7.1 fixes the following issues:

Security issues fixed:

- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
- CVE-2019-5460: Fixed a double free (bsc#1143547).
- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).

Non-security issues fixed:

- Video Output:
  * Fix hardware acceleration with some AMD drivers
  * Improve direct3d11 HDR support
- Access:
  * Improve Blu-ray support
- Audio output:
  * Fix pass-through on Android-23
  * Fix DirectSound drain
- Demux: Improve MP4 support
- Video Output:
  * Fix 12 bits sources playback with Direct3D11
  * Fix crash on iOS
  * Fix midstream aspect-ratio changes when Windows hardware decoding is on
  * Fix HLG display with Direct3D11
- Stream Output: Improve Chromecast support with new ChromeCast apps
- Misc:
  * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
  * Work around busy looping when playing an invalid item with loop enabled
- Updated translations.

This update was imported from the openSUSE:Leap:15.1:Update update project.</description>
</patchinfo>