+++ This bug was initially created as a clone of Bug #15381 +++

VLC 2.1.6 and 2.2.0 have been released.

The NEWS for 2.1.6 says:

Changes between 2.1.5 and 2.1.6:
--------------------------------

Audio output:
 * Fix OSS stuttering

Security:
 * Fix heap overflow in decomp stream filter
 * Fix buffer overflow in updater
 * Fix potential buffer overflow in schroedinger encoder
 * Fix null-pointer dereference in DMO decoder
 * Fix buffer overflow in parsing of string boxes in mp4 demuxer
 * Fix SRTP integer overflow
 * Fix potential crash in zip access
 * Fix read overflow in Ogg demuxer

Win32 installer:
 * Update translations and greek encoding

I think we fixed most of those security issues in Bug 15195, but it doesn't look like the decomp stream filter, zip access, or Ogg demuxer fixes are there. The SRTP thing might be different from the rtp streaming invalid memory access too, so we might also be missing that.

We should update Mageia 4 to 2.1.6.

We should update Mageia 5 to 2.2.0 final. You can see the changes since our February 13th's snapshot in git here:
http://git.videolan.org/?p=vlc/vlc-2.2.git;a=summary

Not sure if we'll be able to get that in now or if we'll have to do it post-release.
Here is the advisory for the updated packages for VLC-2.1.6 in Mageia 4:

==============================

I have uploaded an updated package for Mageia 4.

You can test this by running "vlc" and using it to play various media files.

Suggested advisory:
========================

Updated vlc packages (2.1.6) are an upgrade with some fixes.

The NEWS for 2.1.6 says:

Changes between 2.1.5 and 2.1.6:
--------------------------------

Audio output:
 * Fix OSS stuttering

Security:
 * Fix heap overflow in decomp stream filter
 * Fix buffer overflow in updater
 * Fix potential buffer overflow in schroedinger encoder
 * Fix null-pointer dereference in DMO decoder
 * Fix buffer overflow in parsing of string boxes in mp4 demuxer
 * Fix SRTP integer overflow
 * Fix potential crash in zip access
 * Fix read overflow in Ogg demuxer

References:
https://bugs.mageia.org/show_bug.cgi?id=15381
========================

Updated packages in core/updates_testing i586:
========================
vlc-2.1.6-1.0.mga4.i586.rpm
libvlc5-2.1.6-1.0.mga4.i586.rpm
libvlccore7-2.1.6-1.0.mga4.i586.rpm
libvlc-devel-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-common-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.i586.rpm
svlc-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.i586.rpm
vlc-debuginfo-2.1.6-1.0.mga4.i586.rpm

Updated packages in core/updates_testing x86_64:
========================
vlc-2.1.6-1.0.mga4.x86_64.rpm
lib64vlc5-2.1.6-1.0.mga4.x86_64.rpm
lib64vlccore7-2.1.6-1.0.mga4.x86_64.rpm
lib64vlc-devel-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-common-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.x86_64.rpm
svlc-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.x86_64.rpm
vlc-debuginfo-2.1.6-1.0.mga4.x86_64.rpm

Updated packages in tainted/updates_testing i586:
========================
vlc-2.1.6-1.0.mga4.tainted.i586.rpm
libvlc5-2.1.6-1.0.mga4.tainted.i586.rpm
libvlccore7-2.1.6-1.0.mga4.tainted.i586.rpm
libvlc-devel-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-common-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.tainted.i586.rpm
svlc-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-debuginfo-2.1.6-1.0.mga4.tainted.i586.rpm

Updated packages in tainted/updates_testing x86_64:
========================
vlc-2.1.6-1.0.mga4.tainted.x86_64.rpm
lib64vlc5-2.1.6-1.0.mga4.tainted.x86_64.rpm
lib64vlccore7-2.1.6-1.0.mga4.tainted.x86_64.rpm
lib64vlc-devel-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-common-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.tainted.x86_64.rpm
svlc-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-debuginfo-2.1.6-1.0.mga4.tainted.x86_64.rpm

Source RPMs:
vlc-2.1.6-1.0.mga4.src.rpm
vlc-2.1.6-1.0.mga4.tainted.src.rpm
Assignee: bugsquad => qa-bugs
Thanks. Just some comments on this. The References should be a link to the NEWS file for 2.1.6 in upstream git. Since some of those security issues were fixed in our previous update, that should be mentioned as well (maybe including that MGASA in the references as well).
Version: Cauldron => 4
Depends on: 15381 => (none)
Here is an updated advisory with the commentary of David Walser applied:

----------------------------------------------------

I have uploaded an updated package for Mageia 4.

You can test this by running "vlc" and using it to play various media files.

Suggested advisory:
========================

Updated vlc packages (2.1.6) are an upgrade with some fixes.

Some of the problems fixed upstream were already fixed by a previous Mageia update to VLC (see the link to MGASA-2015-0053).

The NEWS for 2.1.6 says:

Changes between 2.1.5 and 2.1.6:
--------------------------------

Audio output:
 * Fix OSS stuttering

Security:
 * Fix heap overflow in decomp stream filter
 * Fix buffer overflow in updater
 * Fix potential buffer overflow in schroedinger encoder
 * Fix null-pointer dereference in DMO decoder
 * Fix buffer overflow in parsing of string boxes in mp4 demuxer
 * Fix SRTP integer overflow
 * Fix potential crash in zip access
 * Fix read overflow in Ogg demuxer

References:
http://git.videolan.org/?p=vlc/vlc-2.1.git;a=blob_plain;f=NEWS;hb=HEAD
http://advisories.mageia.org/MGASA-2015-0053.html
https://bugs.mageia.org/show_bug.cgi?id=15381
========================

Updated packages in core/updates_testing i586:
========================
vlc-2.1.6-1.0.mga4.i586.rpm
libvlc5-2.1.6-1.0.mga4.i586.rpm
libvlccore7-2.1.6-1.0.mga4.i586.rpm
libvlc-devel-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-common-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.i586.rpm
svlc-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.i586.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.i586.rpm
vlc-debuginfo-2.1.6-1.0.mga4.i586.rpm

Updated packages in core/updates_testing x86_64:
========================
vlc-2.1.6-1.0.mga4.x86_64.rpm
lib64vlc5-2.1.6-1.0.mga4.x86_64.rpm
lib64vlccore7-2.1.6-1.0.mga4.x86_64.rpm
lib64vlc-devel-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-common-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.x86_64.rpm
svlc-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.x86_64.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.x86_64.rpm
vlc-debuginfo-2.1.6-1.0.mga4.x86_64.rpm

Updated packages in tainted/updates_testing i586:
========================
vlc-2.1.6-1.0.mga4.tainted.i586.rpm
libvlc5-2.1.6-1.0.mga4.tainted.i586.rpm
libvlccore7-2.1.6-1.0.mga4.tainted.i586.rpm
libvlc-devel-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-common-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.tainted.i586.rpm
svlc-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.tainted.i586.rpm
vlc-debuginfo-2.1.6-1.0.mga4.tainted.i586.rpm

Updated packages in tainted/updates_testing x86_64:
========================
vlc-2.1.6-1.0.mga4.tainted.x86_64.rpm
lib64vlc5-2.1.6-1.0.mga4.tainted.x86_64.rpm
lib64vlccore7-2.1.6-1.0.mga4.tainted.x86_64.rpm
lib64vlc-devel-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-common-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-zvbi-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-kate-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-libass-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-lua-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-ncurses-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-lirc-2.1.6-1.0.mga4.tainted.x86_64.rpm
svlc-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-aa-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-sdl-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-shout-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-opengl-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-projectm-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-theora-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-twolame-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-fluidsynth-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-gme-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-schroedinger-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-speex-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-flac-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-dv-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-mod-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-mpc-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-sid-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-pulse-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-jack-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-bonjour-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-upnp-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-gnutls-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-plugin-libnotify-2.1.6-1.0.mga4.tainted.x86_64.rpm
vlc-debuginfo-2.1.6-1.0.mga4.tainted.x86_64.rpm

Source RPMs:
vlc-2.1.6-1.0.mga4.src.rpm
vlc-2.1.6-1.0.mga4.tainted.src.rpm
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
vlc svlc vlc-plugin-upnp libvlc5 libvlccore7 vlc-plugin-common vlc-plugin-pulse vlc-plugin-theora

default install of vlc

[root@localhost wilcal]# urpmi vlc
Package vlc-2.1.5-1.1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi svlc
Package svlc-2.1.5-1.1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-upnp
Package vlc-plugin-upnp-2.1.5-1.1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libvlc5
Package libvlc5-2.1.5-1.1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libvlccore7
Package libvlccore7-2.1.5-1.1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-common
Package vlc-plugin-common-2.1.5-1.1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-pulse
Package vlc-plugin-pulse-2.1.5-1.1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-theora
Package vlc-plugin-theora-2.1.5-1.1.mga4.tainted.i586 is already installed

VLC plays audio and video files as well as audio and video files from a upnp server on the LAN.

install package from updates_testing

[root@localhost wilcal]# urpmi vlc
Package vlc-2.1.6-1.0.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi svlc
Package svlc-2.1.6-1.0.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-upnp
Package vlc-plugin-upnp-2.1.6-1.0.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libvlc5
Package libvlc5-2.1.6-1.0.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libvlccore7
Package libvlccore7-2.1.6-1.0.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-common
Package vlc-plugin-common-2.1.6-1.0.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-pulse
Package vlc-plugin-pulse-2.1.6-1.0.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-theora
Package vlc-plugin-theora-2.1.6-1.0.mga4.tainted.i586 is already installed

VLC plays audio and video files as well as audio and video files from a upnp server on the LAN.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
vlc svlc vlc-plugin-upnp lib64vlc5 lib64vlccore7 vlc-plugin-common vlc-plugin-pulse vlc-plugin-theora

default install of vlc

[root@localhost wilcal]# urpmi vlc
Package vlc-2.1.5-1.1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi svlc
Package svlc-2.1.5-1.1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-upnp
Package vlc-plugin-upnp-2.1.5-1.1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64vlc5
Package lib64vlc5-2.1.5-1.1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64vlccore7
Package lib64vlccore7-2.1.5-1.1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-common
Package vlc-plugin-common-2.1.5-1.1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-pulse
Package vlc-plugin-pulse-2.1.5-1.1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-theora
Package vlc-plugin-theora-2.1.5-1.1.mga4.tainted.x86_64 is already installed

VLC plays audio and video files as well as audio and video files from a upnp server on the LAN.

install vlc from updates_testing

[root@localhost wilcal]# urpmi vlc
Package vlc-2.1.6-1.0.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi svlc
Package svlc-2.1.6-1.0.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-upnp
Package vlc-plugin-upnp-2.1.6-1.0.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64vlc5
Package lib64vlc5-2.1.6-1.0.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64vlccore7
Package lib64vlccore7-2.1.6-1.0.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-common
Package vlc-plugin-common-2.1.6-1.0.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-pulse
Package vlc-plugin-pulse-2.1.6-1.0.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi vlc-plugin-theora
Package vlc-plugin-theora-2.1.6-1.0.mga4.tainted.x86_64 is already installed

VLC plays audio and video files as well as audio and video files from a upnp server on the LAN.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
I'm gonna leave it alone for a couple days. See if someone else wants to tinker with it.
This update is good to go.

Testing complete for mga4 32-bit & 64-bit.

Validating the update.

Could someone from the sysadmin team push this to updates?

Thanks
Keywords: (none) => validated_update
Whiteboard: (none) => MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
Another CVE was fixed in VLC 2.1.6:
http://openwall.com/lists/oss-security/2015/03/05/2

Addendum to the advisory:

VLC versions before 2.1.5 contain a vulnerability in the transcode module that may allow a corrupted stream to overflow buffers on the heap. With a non-malicious input, this could lead to heap corruption and a crash. However, under the right circumstances, a malicious attacker could potentially use this vulnerability to hijack program execution, and on some platforms, execute arbitrary code (CVE-2014-6440).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6440
http://openwall.com/lists/oss-security/2015/03/05/2
Advisory committed to svn. Someone from the sysadmin team please push 15384.adv from Mageia 4 core updates testing, and tainted updates testing to core updates and tainted updates.
CC: (none) => davidwhodgins
Whiteboard: MGA4-32-OK MGA4-64-OK => MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0095.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/635769/