Bug#930276: marked as done (vlc: multiple vulnerabilities fixed in 3.0.7 release)

[Debian Bug Tracking System]

Your message dated Tue, 18 Jun 2019 21:50:15 +0000
with message-id <e1hdlzb-000brn...@fasolo.debian.org>
and subject line Bug#930276: fixed in vlc 3.0.7-0+deb9u1
has caused the Debian Bug report #930276,
regarding vlc: multiple vulnerabilities fixed in 3.0.7 release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
930276: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930276
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: vlc
Version: 3.0.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 3.0.7-1
Control: found -1 3.0.6-0+deb9u1

Hi

Given there are no CVEs for the repsective issues (so far) add a
single tracking bug in the BTS to get a reference, fixed already in
3.0.7-1 in unstable:

 vlc (3.0.7-1) unstable; urgency=high
 .
   * New upstream release.
     - Fix multiple integer overflows.
     - Fix multiple buffer overflows.
     - Fix use-after-free issue.
     - Fix NULL pointer dereference.
     - Fix other memory access bugs and infinite loops.
   * debian/rules: Be explicit about --enable-debug/disable-debug.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: vlc
Source-Version: 3.0.7-0+deb9u1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 930...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramac...@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 09 Jun 2019 22:00:27 +0200
Source: vlc
Binary: vlc libvlc-dev libvlc5 libvlccore-dev libvlccore9 libvlc-bin vlc-bin 
vlc-data vlc-l10n vlc-plugin-base vlc-plugin-access-extra 
vlc-plugin-video-output vlc-plugin-video-splitter vlc-plugin-visualization 
vlc-plugin-skins2 vlc-plugin-qt vlc-plugin-fluidsynth vlc-plugin-jack 
vlc-plugin-notify vlc-plugin-svg vlc-plugin-samba vlc-nox vlc-plugin-zvbi
Architecture: source
Version: 3.0.7-0+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Multimedia Maintainers 
<pkg-multimedia-maintain...@lists.alioth.debian.org>
Changed-By: Sebastian Ramacher <sramac...@debian.org>
Description:
 libvlc-bin - tools for VLC's base library
 libvlc-dev - development files for libvlc
 libvlc5    - multimedia player and streamer library
 libvlccore-dev - development files for libvlccore
 libvlccore9 - base library for VLC and its modules
 vlc        - multimedia player and streamer
 vlc-bin    - binaries from VLC
 vlc-data   - Common data for VLC
 vlc-l10n   - Translations for VLC
 vlc-nox    - transitional dummy package
 vlc-plugin-access-extra - multimedia player and streamer (extra access plugins)
 vlc-plugin-base - multimedia player and streamer (base plugins)
 vlc-plugin-fluidsynth - FluidSynth plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-notify - LibNotify plugin for VLC
 vlc-plugin-qt - multimedia player and streamer (Qt plugin)
 vlc-plugin-samba - Samba plugin for VLC
 vlc-plugin-skins2 - multimedia player and streamer (Skins2 plugin)
 vlc-plugin-svg - SVG plugin for VLC
 vlc-plugin-video-output - multimedia player and streamer (video output plugins)
 vlc-plugin-video-splitter - multimedia player and streamer (video splitter 
plugins)
 vlc-plugin-visualization - multimedia player and streamer (visualization 
plugins)
 vlc-plugin-zvbi - transitional dummy package
Closes: 930276
Changes:
 vlc (3.0.7-0+deb9u1) stretch-security; urgency=medium
 .
   * New upstream bug fix release. (Closes: #930276)
     - Fix multiple integer overflows.
     - Fix multiple buffer overflows.
     - Fix use-after-free issue.
     - Fix NULL pointer dereference.
     - Fix other memory access bugs and infinite loops.
   * debian/patches: Removed, included upstream.
Checksums-Sha1:
 fc6d94d4a9bebc84da1b7fb22ac303f1d0095f09 6436 vlc_3.0.7-0+deb9u1.dsc
 8c9f96a11199e813ec718c3d1885501a557e336f 26059760 vlc_3.0.7.orig.tar.xz
 30a674e9c43acd46f54da004274cf7b642aa45f8 195 vlc_3.0.7.orig.tar.xz.asc
 aa21a1aee81bf2e5d4d39818fcdfd49b6665f7e4 63152 vlc_3.0.7-0+deb9u1.debian.tar.xz
Checksums-Sha256:
 e53acf5ca79a6d10d426af015f71d2e86ae9b078153c60acb0fa82b7f069f907 6436 
vlc_3.0.7-0+deb9u1.dsc
 5cb5fe140f0f4bae3e0a613fb5f516270f62e2dbde6de27fa78ea9f43cd73916 26059760 
vlc_3.0.7.orig.tar.xz
 c0a69c9c4a88538456944e7f22957237b7002afe7ae2e19fe0c9fc4b3d12c20f 195 
vlc_3.0.7.orig.tar.xz.asc
 6f861c3361bcca177275bc770b230f3a24b12648b837f820d060227d8ebcb0f9 63152 
vlc_3.0.7-0+deb9u1.debian.tar.xz
Files:
 a15050b009bc5c85518c85cb8e535cb6 6436 video optional vlc_3.0.7-0+deb9u1.dsc
 230932ec40185856af28f82ec2e38b8a 26059760 video optional vlc_3.0.7.orig.tar.xz
 33997ae674c192df171f1c4868aba7ac 195 video optional vlc_3.0.7.orig.tar.xz.asc
 bcf314eb53588ee587254acaab29c848 63152 video optional 
vlc_3.0.7-0+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAlz9Z5MACgkQafL8UW6n
GZNwyQ//ePfs+cOtdLAEaTOwtyCDWBYV+Gw+SREzKtteVjAb9Lz9pP3tVk249eVW
KdrxBWaBQpytH3PAqKapJOMBy6QIuB0ytIzoVQmyppf4m9vL/h/O4hWC3xyIlwL5
Qed5Ix0qGd5eJ1B6yl3Dbg7M+77tn+AssAXziAYyvOJ0n3FjvgKKEZXegujSMjdp
k9liex5qhJuS/FUzz6vdY0rEPnC5fqC9aNG50Q4vVGzsT/hlPM8zS6f3oG+rfMzk
CPvEwNKYGCO7iCIOBcIYFmkiC56kzyV8YQ9q9+DpSfqVB6teEWXtnJKdkurL8Apo
+luhZ97ORiDvuRR954g39H2qYt1GEq/KPbWbIyoSdzflAhO9FcYAnJtn7apgMJIU
92e8DKU8jagOCJCh6ny6J65WNy0cS0sfY1rizEfcLfStC0Hp/fSTxXaMDLDJMYA5
pbsNeU7jjG2/yLnA3N5vyaO69N9Xjom6/+Go1e1pWNLwqjXnJaR13bbJkrh+2f80
B/wBpj2rFD+0cGT9xkpdTNF3G225PJ54W71V9rc6V9Z0sqocXnB/kgj0SNbgZECz
lNBwirRCMObxNcXQ7dZxOoU2yQuDxHRbR7KgPmA+IoyO4bXwv08sHE1HsC1q82Ct
HaflFYImM9S4k5RkYFGAcGfEQK1AFFikCxrnji8P7oko16mtERk=
=aO0R
-----END PGP SIGNATURE-----

--- End Message ---