Opened 2 years ago

Closed 2 years ago

#12415 closed enhancement (fixed)

vlc-3.0.8

Reported by: Bruce Dubbs
Owned by: blfs-book
Priority: high
Milestone: 9.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Douglas R. Reno, 2 years ago

Priority: normal → high
Changes between 3.0.7.1 and 3.0.8:
----------------------------------

Core:
 * Fix stuttering for low framerate videos

Demux:
 * Fix channel ordering in some MP4 files
 * Fix glitches in TS over HLS
 * Add real probing of HLS streams
 * Fix HLS MIME type fallback

Decoder:
 * Fix WebVTT subtitles rendering

Stream filter:
 * Improve network buffering

Misc:
 * Update Youtube script

Audio Output:
 * macOS/iOS: Fix stuttering or blank audio when starting or seeking when using
   external audio devices (bluetooth for example)
 * macOS: Fix AV synchronization when using external audio devices

Video Output:
 * Direct3D11: Fix hardware acceleration for some AMD drivers

Stream output:
 * Fix transcoding when the decoder does not set the chroma

Security:
 * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
 * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
 * Fix a read buffer overflow in the FAAD decoder
 * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
 * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
 * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
 * Fix a use after free in the ASF demuxer (CVE-2019-14533)
 * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
 * Fix a null dereference in the dvdnav demuxer
 * Fix a null dereference in the ASF demuxer (CVE-2019-14534)
 * Fix a null dereference in the AVI demuxer
 * Fix a division by zero in the CAF demuxer (CVE-2019-14498)
 * Fix a division by zero in the ASF demuxer (CVE-2019-14535)

Contribs:
 * Update to a newer libmodplug version (0.8.9.0)

Fixes *15* Security Vulnerabilities

Should we bring this back into 9.0?

comment:3 by Bruce Dubbs, 2 years ago (in reply to: 2)

Replying to renodr:

https://www.bleepingcomputer.com/news/security/vlc-media-player-308-released-with-13-security-fixes/

We should probably update this.

We can do this. The only references are in phonon-backend-vlc (tagged) and libreoffice (not yet tagged).

comment:4 by Douglas R. Reno, 2 years ago

Milestone: 9.1 → 9.0

comment:5 by Douglas R. Reno, 2 years ago

Are there any objections if I take this?

comment:6 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: new → closed

Fixed at revision 22018.
