File _patchinfo of Package patchinfo.10875
<patchinfo incident="10875">
<issue tracker="cve" id="2019-13962"/>
<issue tracker="cve" id="2019-5439"/>
<issue tracker="cve" id="2019-13602"/>
<issue tracker="cve" id="2019-5459"/>
<issue tracker="cve" id="2018-19857"/>
<issue tracker="cve" id="2019-12874"/>
<issue tracker="cve" id="2019-5460"/>
<issue tracker="bnc" id="1138354">VUL-0: CVE-2019-5439: vlc: A Buffer Overflow in VLC Media Player &lt; 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.</issue>
<issue tracker="bnc" id="1141522">VUL-0: CVE-2019-13602: vlc: An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c allows remote attackers to cause a denial of service (heap-based buffer overflow and crash)</issue>
<issue tracker="bnc" id="1093732">vlc fails to build against Qt 5.11</issue>
<issue tracker="bnc" id="1143547">VUL-1: CVE-2019-5460: vlc: Double Free in VLC leads to a crash</issue>
<issue tracker="bnc" id="1138933">VUL-1: CVE-2019-12874: vlc: double free in zlib_decompress_extra in modules/demux/mkv/util.cpp</issue>
<issue tracker="bnc" id="1143549">VUL-1: CVE-2019-5459: vlc: integer underflow in VLC Media Player versions leads to an out-of-band read</issue>
<issue tracker="bnc" id="1133290">LTO: vlc build fails</issue>
<issue tracker="bnc" id="1118586">VUL-1: CVE-2018-19857: vlc: denial of service and/or a potential infoleak when processing magic cookies in CAF files via read memory from an uninitialized pointer</issue>
<issue tracker="bnc" id="1142161">VUL-1: CVE-2019-13962: vlc: lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.</issue>
<issue tracker="bnc" id="1094893">Bug in scriptlet vlc-qt-3.0.2-6.3.x86_64</issue>
<packager>dimstar</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for vlc</summary>
<description>This update for vlc to version 3.0.7.1 fixes the following issues:
Security issues fixed:
- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
- CVE-2019-5460: Fixed a double free (bsc#1143547).
- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).
Non-security issues fixed:
- Video Output:
* Fix hardware acceleration with some AMD drivers
* Improve direct3d11 HDR support
- Access:
* Improve Blu-ray support
- Audio output:
* Fix pass-through on Android-23
* Fix DirectSound drain
- Demux: Improve MP4 support
- Video Output:
* Fix 12 bits sources playback with Direct3D11
* Fix crash on iOS
* Fix midstream aspect-ratio changes when Windows hardware decoding is on
* Fix HLG display with Direct3D11
- Stream Output: Improve Chromecast support with new ChromeCast apps
- Misc:
* Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
* Work around busy looping when playing an invalid item with loop enabled
- Updated translations.
New package libaom:
* Initial version 1.0.0
* A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format designed for video transmissions over the Internet.
This update was imported from the openSUSE:Leap:15.0:Update update project.</description>
</patchinfo>