[Buildroot] [PATCH 2/2] package/vlc: security bump version to 3.0.8

Peter Korsgaard peter at korsgaard.com
Mon Sep 2 15:55:26 UTC 2019


>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:

 > Release notes: https://www.videolan.org/developers/vlc-branch/NEWS
 > Fixes the following security bugs:
 >  * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
 >  * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
 >  * Fix a read buffer overflow in the FAAD decoder
 >  * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
 >  * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
 >  * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
 >  * Fix a use after free in the ASF demuxer (CVE-2019-14533)
 >  * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
 >  * Fix a null dereference in the dvdnav demuxer
 >  * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
 >  * Fix a null dereference in the AVI demuxer
 >  * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
 >  * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

 > Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>

Committed to 2019.02.x and 2019.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list