Context Navigation

← Previous Ticket
Next Ticket →

#12415 closed enhancement (fixed)

vlc-3.0.8

Reported by:	Bruce Dubbs	Owned by:	blfs-book
Priority:	high	Milestone:	9.0
Component:	BOOK	Version:	SVN
Severity:	normal	Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Douglas R. Reno, 5 years ago

Priority:	normal → high

Changes between 3.0.7.1 and 3.0.8:
----------------------------------

Core:
 * Fix stuttering for low framerate videos

Demux:
 * Fix channel ordering in some MP4 files
 * Fix glitches in TS over HLS
 * Add real probing of HLS streams
 * Fix HLS MIME type fallback

Decoder:
 * Fix WebVTT subtitles rendering

Stream filter:
 * Improve network buffering

Misc:
 * Update Youtube script

Audio Output:
 * macOS/iOS: Fix stuttering or blank audio when starting or seeking when using
   external audio devices (bluetooth for example)
 * macOS: Fix AV synchronization when using external audio devices

Video Output:
 * Direct3D11: Fix hardware acceleration for some AMD drivers

Stream output:
 * Fix transcoding when the decoder does not set the chroma

Security:
 * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
 * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
 * Fix a read buffer overflow in the FAAD decoder
 * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
 * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
 * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
 * Fix a use after free in the ASF demuxer (CVE-2019-14533)
 * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
 * Fix a null dereference in the dvdnav demuxer
 * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
 * Fix a null dereference in the AVI demuxer
 * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
 * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

Contribs:
 * Update to a newer libmodplug version (0.8.9.0)

Fixes *15* Security Vulnerabilities

Should we bring this back into 9.0?

follow-up: 3 comment:2 by Douglas R. Reno, 5 years ago

https://www.bleepingcomputer.com/news/security/vlc-media-player-308-released-with-13-security-fixes/

We should probably update this.

in reply to: 2 comment:3 by Bruce Dubbs, 5 years ago

Replying to renodr:

https://www.bleepingcomputer.com/news/security/vlc-media-player-308-released-with-13-security-fixes/

We should probably update this.

We can do this. The only references are in phonon-backend-vlc (tagged) and libreoffice (not yet tagged).

comment:4 by Douglas R. Reno, 5 years ago

Milestone:	9.1 → 9.0

comment:5 by Douglas R. Reno, 5 years ago

Are there any objections if I take this?

comment:6 by Bruce Dubbs, 5 years ago

Resolution:	→ fixed
Status:	new → closed

Fixed at revision 22018.

Note: See TracTickets for help on using tickets.

Download in other formats: