-
vlc (1.0.6-1ubuntu1.8) lucid-security; urgency=low
* SECURITY UPDATE: Heap overflow in AVI demuxer (LP: #807488)
- debian/patches/CVE-2011-2588.patch: AVI: fix heap buffer overflow,
thanks to Rémi Denis-Courmont
- CVE-2011-2588
- VideoLAN-SA-1106
-- Benjamin Drung <email address hidden> Mon, 18 Jul 2011 16:15:19 +0200
-
vlc (1.0.6-1ubuntu1.7) lucid-security; urgency=low
* SECURITY UPDATE: Integer overflow in XSPF playlist parser (LP: #795410)
- debian/patches/fix-xspf-integer-overflow.patch: Fix realloc() integer
overflow, thanks to Rémi Denis-Courmont
- CVE-2011-2194
- VideoLAN-SA-1104
-- Benjamin Drung <email address hidden> Sat, 11 Jun 2011 21:29:56 +0200
-
vlc (1.0.6-1ubuntu1.6) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted width
- debian/patches/CVE-2010-327x.patch: limit video size to 8192x8192 in
src/video_output/video_output.c.
- CVE-2010-3275
- CVE-2010-3276
* SECURITY UPDATE: arbitrary code execution via mp4 file (LP: #756368)
- debian/patches/CVE-2011-1684.patch: fix buffer overflow in
modules/demux/mp4/libmp4.c.
- CVE-2011-1684
-- Marc Deslauriers <email address hidden> Wed, 13 Apr 2011 23:27:23 -0400
-
vlc (1.0.6-1ubuntu1.5) lucid-security; urgency=low
* SECURITY UPDATE: memory corruption, code execution (LP: #714089)
- debian/patches/mkv-input-validation.diff: Fix MKV improper input
validation, thanks to Steve Lhomme
- CVE-2011-0531
- VideoLAN-SA-1102
-- Benjamin Drung <email address hidden> Thu, 10 Feb 2011 00:00:19 +0100
-
vlc (1.0.6-1ubuntu1.4) lucid-security; urgency=low
* SECURITY UPDATE: heap overflow in CDG decoder (LP: #707154)
- debian/patches/cdg-heap-overflow.diff: Fix heap overflow in CDG
decoder, thanks to Dan Rosenberg
* SECURITY UPDATE: heap corruption in some XML based subtitles decoder
- debian/patches/xml-heap-corruption.diff: Handle early termination
properly in StripTags, thanks to Harry Sintonen
-- Benjamin Drung <email address hidden> Mon, 24 Jan 2011 22:59:31 +0100
-
vlc (1.0.6-1ubuntu1.3) lucid-security; urgency=low
* SECURITY UPDATE: Buffer overflow in Real demuxer (LP: #690173)
- modules/demux/real.c: Fix heap buffer overflow, thanks to Rémi
Denis-Courmont
- CVE-2010-3907
- VideoLAN-SA-1007
-- Benjamin Drung <email address hidden> Thu, 30 Dec 2010 01:14:56 +0100
-
vlc (1.0.6-1ubuntu1.2) lucid-security; urgency=low
* SECURITY UPDATE: Insufficient input validation in VLC TagLib plugin
(LP: #616510).
- debian/patches/CVE-2010-2937.patch: fix NULL deferences after dynamic
cast, thanks to Lukáš Lalinský
- CVE-2010-2937
-- Benjamin Drung <email address hidden> Tue, 17 Aug 2010 17:14:14 +0200
-
vlc (1.0.6-1ubuntu1.1) lucid-proposed; urgency=low
* debian/vlc{,-nox}.install:
- Move libx264 plugin from vlc to vlc-nox (LP: #575054).
* debian/control:
- Adjust vlc-nox Replaces field properly.
-- Alessio Treglia <email address hidden> Tue, 04 May 2010 14:17:27 +0200
-
vlc (1.0.6-1ubuntu1) lucid; urgency=low
* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin
- add Xb-Npp header to vlc package
- Add patches 519-526 to fix FTBFS with xulruner-1.9.2 from upstream
- Add 600-drop-OJI-xul-192.patch to drop OJI support as xulrunner-1.9.2 on
Linux doesn't support it
- Add apport hook to include more vlc dependencies in bug reports
- Drop --sourcedir=debian/tmp from dh_install to install apport hook
* Drop 527-spanish-desktop.patch (merged upstream).
vlc (1.0.6-1) unstable; urgency=low
* New upstream version 1.0.6
+ VideoLAN-SA-1003
+ Closes: #578799
+ LP: #408719, #464715, #465560, #502637, #525278, #542943, #568859
* RTMP access module has been removed (vlc-nox.install, NEWS.Debian)
* Remove patches merged upstream
-- Benjamin Drung <email address hidden> Fri, 23 Apr 2010 12:16:15 +0200
-
vlc (1.0.5-2ubuntu3) lucid; urgency=low
* debian/patches/527-spanish-desktop.patch: Add Spanish translation,
thanks Ricardo Pérez López (LP: #534312).
* Add apport hook to include more vlc dependencies in bug reports;
thanks to Brian Murray for it (LP: #538719).
* Drop --sourcedir=debian/tmp from dh_install to install apport hook.
-- Benjamin Drung <email address hidden> Thu, 15 Apr 2010 12:32:03 +0200
-
vlc (1.0.5-2ubuntu2) lucid; urgency=low
* Add patches to fix FTBFS with xulruner-1.9.2 from upstream (LP: #558981)
- add debian/patches/519-Typedef-changes-from-xulrunner-1.9.1.patch
- add debian/patches/520-Don-t-hardcode-OJI-define-deprecated-xith-libxul-1.9.patch
- add debian/patches/521-Untracked-API-change-utf8-to-UTF8.patch
- add debian/patches/522-Mozilla-do-not-hard-code-autoconf-file-descriptors.patch
- add debian/patches/523-Require-xul-1.9.2-explicitly.patch
- add debian/patches/524-Mozilla-More-fixes-for-XulRunner-1.9.2.patch
- add debian/patches/525-Mozilla-more-fixes.patch
- add debian/patches/526-Mozilla-More-final-Win32-compile-fixes-for-XulRunner.patch
* Add patch to drop OJI support as xulrunner-1.9.2 on Linux doesn't support it
- add debian/patches/600-drop-OJI-xul-192.patch
-- Micah Gersten <email address hidden> Tue, 13 Apr 2010 10:09:58 -0500
-
vlc (1.0.5-2ubuntu1) lucid; urgency=low
* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin
- add Xb-Npp header to vlc package
-- Benjamin Drung <email address hidden> Sun, 07 Mar 2010 16:26:55 +0100
-
vlc (1.0.5-1ubuntu1) lucid; urgency=low
* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin
- add Xb-Npp header to vlc package
-- Benjamin Drung <email address hidden> Wed, 17 Feb 2010 13:38:29 +0100
-
vlc (1.0.4-2ubuntu2) lucid; urgency=low
* rebuild for ffmpeg versioned symbols
-- Reinhard Tartler <email address hidden> Tue, 19 Jan 2010 21:40:22 +0100
-
vlc (1.0.4-2ubuntu1) lucid; urgency=low
* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin
- add Xb-Npp header to vlc package
-- Benjamin Drung <email address hidden> Wed, 06 Jan 2010 18:35:23 +0100
-
vlc (1.0.4-1ubuntu1) lucid; urgency=low
* merge from debian. Remaining changes:
- build and install the libx264 plugin
- add Xb-Npp header to vlc package
vlc (1.0.4-1) unstable; urgency=low
* New upstream release
+ According to upstream, no longer overlaps kde and xfce panels in
fullscreen mode, Closes: #562601, LP: #453173
[ Christophe Mutricy ]
* libavutil50 seems to be troublesome. Add it to bugs/control
* Add a vlc-plugin-svg package (Closes: #560009)
* Switch to xulrunner-dev (Closes: #555915)
* Activate the global hotkey module (Closes: #548916)
* Mention other maintainers and that the binaries are GPL v3 as we
link with LGPL v3 libraries (LP: #489093)
* Build-depend on a recent enough live555 to avoid comma vs. decimal
point problem (Closes: #539946)
[ Benjamin Drung ]
* Recommend vlc-plugin-pulse for vlc, so that pulse can be used as
default output.
[ Whoopie ]
* Enable CDDB in the CDDA module (LP: #439131)
* Enable DV support (LP: #392115)
[ Benjamin Drung ]
* Fix typos, that are reported by lintian.
* Sort confflags in debian/rules
* Split normal configure flags from feature configure flags
-- Reinhard Tartler <email address hidden> Wed, 30 Dec 2009 18:23:36 +0100
-
vlc (1.0.3-1ubuntu2) lucid; urgency=low
[ Reinhard Tartler ]
* don't crash when cairo-dock is running. LP: #416294
Very ugly patch from upstream to disable ARGB channel usage
in libqt4
* enable and install the fb module on Linux systems. Closes: #556228
[ Whoopie ]
* enable CDDB in the CDDA module (LP: #439131) and enable
globalhotkeys module (LP: #439077)
-- Reinhard Tartler <email address hidden> Sat, 21 Nov 2009 22:11:48 +0100
-
vlc (1.0.3-1ubuntu1) lucid; urgency=low
* Merge from Debian unstable (LP: #435524), remaining changes:
- build against xulrunner-dev instead of iceape-dev
- build against libx264-dev and install libx264 plugin
- add Xb-Npp header to vlc package
- recommend vlc-plugin-pulse for vlc
- backport patch "402_increase_pulseaudio_score.diff"
vlc (1.0.3-1) unstable; urgency=low
* New upstream release
[ Reinhard Tartler ]
* Decrease alsa buffer size. That improves the behaviour of the alsa output
module on pulseaudio system. But note that vlc-plugin-pulse provides a
native pulseaudio output module (Closes: #472811, LP: #243152)
[ Christophe Mutricy ]
* No longer need to build an extra libvlccore without altivec
* Add the upnp access module (LP: #172938)
* Activate the new udev SD module on linux archs
-- Reinhard Tartler <email address hidden> Thu, 12 Nov 2009 15:29:11 +0100
-
vlc (1.0.2-1ubuntu2) karmic; urgency=low
* PulseAudio: higher priority than ALSA, LP: #402018
-- Reinhard Tartler <email address hidden> Mon, 19 Oct 2009 21:19:26 +0200
