| Summary: | VLC 3.0.10 (fixes CVE-2019-19721, CVE-2020-607[123789], and CVE-2020-6080) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, lists.jjorge, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK MGA7-32-OK | ||
| Source RPM: | vlc-3.0.8-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-04-10 00:29:49 CEST
VLC 3.0.10 has been released on April 22: https://www.videolan.org/developers/vlc-branch/NEWS Summary:
VLC 3.0.9.2 =>
VLC 3.0.10 Debian has issued an advisory on April 30: https://www.debian.org/security/2020/dsa-4671 3.0.9 apparently fixed several security issues in the microdns plugin. Summary:
VLC 3.0.10 =>
VLC 3.0.10 (fixes CVE-2020-607[123789] and CVE-2020-6080) Upstream advisory: https://www.videolan.org/security/sb-vlc309.html Jóse has built this update. Note that there are core and tainted builds. Updated packages in {core,tainted}/updates_testing: ======================== vlc-3.0.10-1.mga7 libvlc5-3.0.10-1.mga7 libvlccore9-3.0.10-1.mga7 libvlc-devel-3.0.10-1.mga7 vlc-plugin-common-3.0.10-1.mga7 vlc-plugin-zvbi-3.0.10-1.mga7 vlc-plugin-kate-3.0.10-1.mga7 vlc-plugin-libass-3.0.10-1.mga7 vlc-plugin-lua-3.0.10-1.mga7 vlc-plugin-ncurses-3.0.10-1.mga7 vlc-plugin-lirc-3.0.10-1.mga7 svlc-3.0.10-1.mga7 vlc-plugin-aa-3.0.10-1.mga7 vlc-plugin-sdl-3.0.10-1.mga7 vlc-plugin-shout-3.0.10-1.mga7 vlc-plugin-opengl-3.0.10-1.mga7 vlc-plugin-vdpau-3.0.10-1.mga7 vlc-plugin-projectm-3.0.10-1.mga7 vlc-plugin-theora-3.0.10-1.mga7 vlc-plugin-twolame-3.0.10-1.mga7 vlc-plugin-fluidsynth-3.0.10-1.mga7 vlc-plugin-gme-3.0.10-1.mga7 vlc-plugin-schroedinger-3.0.10-1.mga7 vlc-plugin-speex-3.0.10-1.mga7 vlc-plugin-flac-3.0.10-1.mga7 vlc-plugin-dv-3.0.10-1.mga7 vlc-plugin-mod-3.0.10-1.mga7 vlc-plugin-mpc-3.0.10-1.mga7 vlc-plugin-sid-3.0.10-1.mga7 vlc-plugin-sndio-3.0.10-1.mga7 vlc-plugin-pulse-3.0.10-1.mga7 vlc-plugin-jack-3.0.10-1.mga7 vlc-plugin-upnp-3.0.10-1.mga7 vlc-plugin-gnutls-3.0.10-1.mga7 vlc-plugin-libnotify-3.0.10-1.mga7 vlc-plugin-chromaprint-3.0.10-1.mga7 vlc-plugin-samba-3.0.10-1.mga7 from vlc-3.0.10-1.mga7.src.rpm Assignee:
shlomif =>
qa-bugs Suggested advisory : Latest VLC 3.0.10 fixes security problems and some bugs. with mkv files and hardware acceleration. Ref: https://www.videolan.org/security/sb-vlc309.html https://www.videolan.org/developers/vlc-branch/NEWS Status:
NEW =>
ASSIGNED Tested with an 2010 Intel GPU 64 bits. All works nicely. Fully tested with my Dell D600 laptop : Pentium M730, ATI Radeon Xpress 200. UDP french TV ok, mkv file ok. Validating 32 bits. Whiteboard:
MGA7-64-OK =>
MGA7-64-OK MGA7-32-OK Thank you, Gentlemen. Validating. Advisory in Comment 4. Keywords:
(none) =>
validated_update
Thomas Backlund
2020-05-08 11:41:45 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0203.html Resolution:
(none) =>
FIXED |