Overview

File _patchinfo of Package patchinfo.7294

<patchinfo incident="7294">
  <issue id="1057736" tracker="bnc">VLC depends on KDE4</issue>
  <issue id="1041907" tracker="bnc">VUL-0: CVE-2017-9300: vlc: Heap corruption via a crafted FLAC file.</issue>
  <issue id="2017-9300" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>dimstar</packager>
  <description>This update for vlc fixes several issues.

This security issue was fixed:

- CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of
  service or possibly have unspecified other impact via a crafted FLAC file
  (bsc#1041907).

These non-security issues were fixed:

- Stop depending on libkde4-devel: It's only used to find the
  install path for kde4, but configure falls back to the correct
  default for openSUSE anyway (boo#1057736).
- Disable vnc access module
</description>
  <summary>Security update for vlc</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places