Bug 3019

Summary: Security update for vlc to 1.1.12
Product: Mageia Reporter: Dave Hodgins <davidwhodgins>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: LpSolit, pham182b, stormi-mageia, sysadmin-bugs, tmb
Version: 1Keywords: Security, validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://www.h-online.com/security/news/item/VLC-Media-Player-1-1-12-closes-security-hole-1358606.html
Whiteboard:
Source RPM: vlc CVE:
Status comment:

Description Dave Hodgins 2011-10-11 19:22:31 CEST 
Minor security update for vlc (vulnerability in the HTTP and RTSP server component used by VLC), that could cause the program to crash.

No cve that I've seen.
Dave Hodgins 2011-10-11 19:22:48 CEST

Keywords: (none) => Security

Manuel Hiebel 2011-10-11 21:34:50 CEST

Component: RPM Packages => Security
Source RPM: vlc-1.1.11-0.1.mga1.tainted.src.rpm => vlc

Comment 1 Thomas Backlund 2011-10-12 14:17:23 CEST 
CVE-2011-3333:
http://www.videolan.org/security/sa1107.html

CC: (none) => tmb

Comment 2 Samuel Verschelde 2011-10-12 14:29:41 CEST 
see also bug #2267

CC: (none) => stormi

Remco Rijnders 2011-10-12 17:07:20 CEST

Assignee: bugsquad => shlomif

Comment 3 Shlomi Fish 2011-10-13 15:06:28 CEST 
VLC-1.1.12 is now in Mageia 1's updates_testing.
Comment 4 Shlomi Fish 2011-10-13 16:44:14 CEST 
Update Mageia 1 to VLC-1.1.12 , see the above comments and:

CVE-2011-3333:
http://www.videolan.org/security/sa1107.html

Assignee: shlomif => qa-bugs

Comment 5 Frédéric "LpSolit" Buclin 2011-10-14 13:52:24 CEST 
As I said in bug 2267, the sync problem seen with vlc 1.1.11 is fixed in 1.1.12.

CC: (none) => LpSolit

Comment 6 claire robinson 2011-10-14 19:30:28 CEST 
This is missing a tainted build Shlomi, previous versions have had one.
Comment 7 Dave Hodgins 2011-10-15 21:32:52 CEST 
The i586 testing completed for the srpms
vlc-1.1.12-3.1.mga1.src.rpm
vlc-1.1.12-3.1.mga1.tainted.src.rpm

Same video and audio files used for testing, as the recent mplayer
update.

Advisory:
This security update for vlc corrects CVE-2011-3333, vulnerability in
the HTTP and RTSP server component used by VLC, that could cause the
program to crash.
Comment 8 Frédéric "LpSolit" Buclin 2011-10-16 15:45:55 CEST 
I suggest we also mention the sync issue found in 1.1.11.
Comment 9 Dave Hodgins 2011-10-18 00:05:41 CEST 
We still need an x86-64 bit tester.

Advisory:
This security update for vlc corrects CVE-2011-3333, vulnerability in
the HTTP and RTSP server component used by VLC, that could cause the
program to crash.

https://bugs.mageia.org/show_bug.cgi?id=3019

The update also fixes an audio/video sync problem.

https://bugs.mageia.org/show_bug.cgi?id=2267
Comment 10 Luan Pham 2011-10-18 05:27:09 CEST 
Look like this release work fine on x86_64 for Mageia 1 installation.  I test with DVD and Video files, and every time VLC play these files type okay.

CC: (none) => pham182b

Comment 11 Dave Hodgins 2011-10-18 09:14:45 CEST 
Can someone from the sysadmin team push the srpms
vlc-1.1.12-3.1.mga1.src.rpm
from Core Updates testing to Core Updates, and
vlc-1.1.12-3.1.mga1.tainted.src.rpm
from Tainted Updates Testing to Tainted updates.

Advisory:
This security update for vlc corrects CVE-2011-3333, a vulnerability
in the HTTP and RTSP server component used by VLC, that could cause
the program to crash.
https://bugs.mageia.org/show_bug.cgi?id=3019

The update also fixes an audio/video sync problem.
https://bugs.mageia.org/show_bug.cgi?id=2267

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 12 Thomas Backlund 2011-10-19 21:20:37 CEST 
Update pushed.

Status: NEW => RESOLVED
Resolution: (none) => FIXED