[Buildroot] [PATCH 2/2] package/vlc: security bump version to 3.0.8
Peter Korsgaard
peter at korsgaard.com
Mon Sep 2 15:55:26 UTC 2019
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
> Release notes: https://www.videolan.org/developers/vlc-branch/NEWS
> Fixes the following security bugs:
> * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
> * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
> * Fix a read buffer overflow in the FAAD decoder
> * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
> * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
> * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
> * Fix a use after free in the ASF demuxer (CVE-2019-14533)
> * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
> * Fix a null dereference in the dvdnav demuxer
> * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
> * Fix a null dereference in the AVI demuxer
> * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
> * Fix a division by zero in the ASF demuxer (CVE-2019-14535)
> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Committed to 2019.02.x and 2019.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list